Summary
This host is installed with Opera and is prone to multiple Cross-Site Scripting vulnerabilities.
Impact
Attacker can exploit this issue to conduct XSS attacks to inject arbitrary web script or HTML.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
An error in the application which can be exploited to obtain complete control over feeds via a 'RSS' or 'Atom' feed. It is related to the rendering of the application/rss+xml content type as 'scripted content.'.
Affected
Opera version 9.x and 10.x on Linux.
References
Severity
Classification
-
CVE CVE-2009-3265, CVE-2009-3266 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Apple Safari Multiple Vulnerabilities
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities