Opera Multiple Cross-Site Scripting Vulnerabilities - Sep09 (Win) Network Vulnerability

Summary

This host is installed with Opera and is prone to multiple Cross-Site Scripting vulnerabilities.

Impact

Attacker can exploit this issue to conduct XSS attacks to inject arbitrary web script or HTML. Impact Level: Application

Solution

Upgrade to version 10.1 or later, For updates refer to http://www.opera.com

Insight

An error in the application which can be exploited to obtain complete control over feeds via a 'RSS' or 'Atom' feed. It is related to the rendering of the application/rss+xml content type as 'scripted content'.

Affected

Opera version 9.x and 10.x on Windows.

References

http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/
http://www.securityfocus.com/archive/1/archive/1/506517/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3265, CVE-2009-3266

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat source.jsp malformed request information disclosure
Apache Continuum Cross Site Scripting Vulnerability
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
Apache Solr Directory Traversal Vulnerability Jan-14
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities