Summary
The host is installed with Opera web browser and is prone to multiple Cross Site Scripting (XSS) Vulnerability.
Impact
Successful remote attack could inject arbitrary code, launch cross site attacks, information disclosure and can even steal related DB (DataBase) contents.
Impact Level: Application
Solution
Upgrade to Opera 9.61
http://www.opera.com/download/
Insight
Flaws are due to,
- the URL of visited pages are not properly sanitised by the History Search functionality before being used.
- an error in the implementation of the Fast Forward feature.
- an error while blocking scripts during a news feed preview.
Affected
Opera version prior to 9.61 on Windows.
References
Severity
Classification
-
CVE CVE-2008-4696, CVE-2008-4697, CVE-2008-4698, CVE-2008-4725 -
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N
Related Vulnerabilities
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
- Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
- Asterisk SIP REGISTER Response Username Enumeration Vulnerability
- Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)