CVE-2008-4725
Description
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60.
Risk Information
Base Score
4.1
MODERATE
Vector
AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
EPSS Score
Exploitation Probability
13.824
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Opera 9.52 | Windows |
| Multiple vulnerabilities affected in Opera 9.52 (For Ubuntu) | Linux |
| Multiple vulnerabilities affected in Opera 9.52 (For Debian) | Linux |
| Multiple vulnerabilities affected in Opera 9.52 (For Centos) | Linux |
| Multiple vulnerabilities affected in Opera 9.52 (For RedHat) | Linux |
| Multiple vulnerabilities affected in Opera 9.52 (For Suse) | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234