CVE-2008-4696

EUVD-2008-4676
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
operaopera
𝑥
≤ 9.6
operaopera
5..10
operaopera
5.0
operaopera
5.1
operaopera
5.2
operaopera
5.3
operaopera
5.4
operaopera
5.5
operaopera
5.6
operaopera
5.7
operaopera
5.8
operaopera
5.9
operaopera
5.11
operaopera
5.12
operaopera
6.0
operaopera
6.01
operaopera
6.02
operaopera
6.03
operaopera
6.04
operaopera
6.05
operaopera
6.06
operaopera
7.0
operaopera
7.0:beta_2
operaopera
7.01
operaopera
7.02
operaopera
7.03
operaopera
7.10
operaopera
7.11
operaopera
7.20
operaopera
7.20:beta7
operaopera
7.21
operaopera
7.22
operaopera
7.23
operaopera
7.50
operaopera
7.50:beta_1
operaopera
7.51
operaopera
7.52
operaopera
7.53
operaopera
7.54
operaopera
7.54:update_1
operaopera
7.54:update_2
operaopera
8.0
operaopera
8.0:beta_1
operaopera
8.0:beta_2
operaopera
8.0:beta_3
operaopera
8.01
operaopera
8.02
operaopera
8.50
operaopera
8.51
operaopera
8.52
operaopera
8.53
operaopera
8.54
operaopera
9.0
operaopera
9.0:beta_1
operaopera
9.0:beta_2
operaopera
9.01
operaopera
9.02
operaopera
9.10
operaopera
9.20
operaopera
9.20:beta_1
operaopera
9.21
operaopera
9.22
operaopera
9.23
operaopera
9.24
operaopera
9.25
operaopera
9.26
operaopera
9.27
operaopera
9.50
operaopera
9.50:beta_2
operaopera
9.51
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
opera
dapper
dne
gutsy
dne
hardy
dne
intrepid
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html
http://secunia.com/advisories/32299
http://secunia.com/advisories/32394
http://secunia.com/advisories/32538
http://security.gentoo.org/glsa/glsa-200811-01.xml
http://securityreason.com/securityalert/4504
http://www.openwall.com/lists/oss-security/2008/10/21/6
http://www.openwall.com/lists/oss-security/2008/10/22/5
http://www.opera.com/docs/changelogs/freebsd/961/
http://www.opera.com/docs/changelogs/linux/961/
http://www.opera.com/docs/changelogs/mac/961/
http://www.opera.com/docs/changelogs/solaris/961/
http://www.opera.com/docs/changelogs/windows/961/
http://www.opera.com/support/search/view/903/
http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf
http://www.securityfocus.com/archive/1/497646/100/0/threaded
http://www.securityfocus.com/bid/31869
http://www.vupen.com/english/advisories/2008/2873
https://exchange.xforce.ibmcloud.com/vulnerabilities/46003
https://www.exploit-db.com/exploits/6801
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html
http://secunia.com/advisories/32299
http://secunia.com/advisories/32394
http://secunia.com/advisories/32538
http://security.gentoo.org/glsa/glsa-200811-01.xml
http://securityreason.com/securityalert/4504
http://www.openwall.com/lists/oss-security/2008/10/21/6
http://www.openwall.com/lists/oss-security/2008/10/22/5
http://www.opera.com/docs/changelogs/freebsd/961/
http://www.opera.com/docs/changelogs/linux/961/
http://www.opera.com/docs/changelogs/mac/961/
http://www.opera.com/docs/changelogs/solaris/961/
http://www.opera.com/docs/changelogs/windows/961/
http://www.opera.com/support/search/view/903/
http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf
http://www.securityfocus.com/archive/1/497646/100/0/threaded
http://www.securityfocus.com/bid/31869
http://www.vupen.com/english/advisories/2008/2873
https://exchange.xforce.ibmcloud.com/vulnerabilities/46003
https://www.exploit-db.com/exploits/6801