Summary
The host has the Opera web browser installed and is prone to multiple Cross-Site Scripting (XSS) vulnerabilities.
Impact
A successful remote attack could allow an attacker to inject arbitrary code, launch cross-site attacks, disclose information, and even steal related DB (database) contents.
Impact Level: Application
Solution
Upgrade to Opera 9.61
http://www.opera.com/download/
Insight
The flaws are due to:
- the URLs of visited pages not being properly sanitised by the History Search functionality before being used.
- an error in the implementation of the Fast Forward feature.
- an error while blocking scripts during a news feed preview.
Affected
Opera versions prior to 9.61 on Windows.
References
Severity
Classification
- CVE: CVE-2008-4696, CVE-2008-4697, CVE-2008-4698, CVE-2008-4725
- CVSS Base Score: 5.8
- CVSS Base Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Related Vulnerabilities
- Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)
- Apache Tomcat Multiple Vulnerabilities - 01 Mar14
- AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability
- Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)
- Apple Safari Web Script Execution Vulnerabilities - June09