Opera Multiple Cross-Site Scripting Vulnerabilities - Sep09 (Linux) Network Vulnerability

Summary

This host is installed with Opera and is prone to multiple Cross-Site Scripting vulnerabilities.

Impact

Attacker can exploit this issue to conduct XSS attacks to inject arbitrary web script or HTML. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

An error in the application which can be exploited to obtain complete control over feeds via a 'RSS' or 'Atom' feed. It is related to the rendering of the application/rss+xml content type as 'scripted content.'.

Affected

Opera version 9.x and 10.x on Linux.

References

http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/
http://www.securityfocus.com/archive/1/archive/1/506517/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3265, CVE-2009-3266

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Web Server ETag Header Information Disclosure Weakness
Apache Struts2 showcase namespace XSS Vulnerability
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
AN Guestbook Local File Inclusion Vulnerability
AMSI 'file' Parameter Directory Traversal Vulnerability

Take action and discover your vulnerabilities