CVE-2009-3013

31.08.2009, 16:30

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header.  NOTE: the JavaScript executes outside of the context of the HTTP site.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
opera	opera_browser	𝑥 ≤ 9.52
opera	opera_browser	7.0
opera	opera_browser	7.23
opera	opera_browser	7.53
opera	opera_browser	7.54
opera	opera_browser	7.60
opera	opera_browser	8.0
opera	opera_browser	8.01
opera	opera_browser	8.02
opera	opera_browser	8.50
opera	opera_browser	8.51
opera	opera_browser	8.52
opera	opera_browser	8.53
opera	opera_browser	8.54
opera	opera_browser	9.0
opera	opera_browser	9.01
opera	opera_browser	9.02
opera	opera_browser	9.10
opera	opera_browser	9.12
opera	opera_browser	9.20
opera	opera_browser	9.21
opera	opera_browser	9.22
opera	opera_browser	9.51
opera	opera_browser	10.00:beta_3

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://websecurity.com.ua/3323/

http://websecurity.com.ua/3386/

https://exchange.xforce.ibmcloud.com/vulnerabilities/52996

http://websecurity.com.ua/3323/

http://websecurity.com.ua/3386/

https://exchange.xforce.ibmcloud.com/vulnerabilities/52996