Summary
This host is installed with Opera Web Browser and is prone to Cross-Site Scripting vulnerability.
Impact
Successful exploitation will allow attackers to conduct Cross-Site Scripting attacks in the victim's system.
Impact Level: Application
Solution
Upgrade to Opera version 9.64 or later and 10.10 or later.
For updates refer to http://www.opera.com/
Insight
Error occurs when application fails to sanitise the 'javascript:' and 'data:' URIs in Location headers in HTTP responses, which can be exploited via vectors related to injecting a Location header.
Affected
Opera version 9.52 and prior and 10.00 Beta 3 Build 1699 on Linux.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-3013 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability
- Asterisk Missing ACL Check Remote Security Bypass Vulnerability
- Adobe Reader Multiple Vulnerabilities - Aug07 (Mac OS X)
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
- Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)