{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-21T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the \"optional fragment\"), which is not properly escaped before storage in the History Search database (aka md.dat)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32394", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32394"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.opera.com/docs/changelogs/mac/961/"}, {"name": "ADV-2008-2873", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2873"}, {"name": "[oss-security] 20081021 Re: CVE Request: Opera 9.60 with security fixes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/21/6"}, {"name": "32538", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32538"}, {"name": "32299", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32299"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.opera.com/docs/changelogs/solaris/961/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf"}, {"name": "[oss-security] 20081022 Re: CVE Request: Opera 9.60 with security fixes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/22/5"}, {"name": "31869", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31869"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.opera.com/docs/changelogs/windows/961/"}, {"name": "6801", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6801"}, {"name": "opera-historysearch-xss(46003)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46003"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.opera.com/docs/changelogs/linux/961/"}, {"name": "SUSE-SR:2008:022", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.opera.com/support/search/view/903/"}, {"name": "4504", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4504"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.opera.com/docs/changelogs/freebsd/961/"}, {"name": "20081022 Opera Stored Cross Site Scripting Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/497646/100/0/threaded"}, {"name": "GLSA-200811-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200811-01.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4696", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the \"optional fragment\"), which is not properly escaped before storage in the History Search database (aka md.dat)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32394", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32394"}, {"name": "http://www.opera.com/docs/changelogs/mac/961/", "refsource": "CONFIRM", "url": "http://www.opera.com/docs/changelogs/mac/961/"}, {"name": "ADV-2008-2873", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2873"}, {"name": "[oss-security] 20081021 Re: CVE Request: Opera 9.60 with security fixes", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/21/6"}, {"name": "32538", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32538"}, {"name": "32299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32299"}, {"name": "http://www.opera.com/docs/changelogs/solaris/961/", "refsource": "CONFIRM", "url": "http://www.opera.com/docs/changelogs/solaris/961/"}, {"name": "http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf", "refsource": "MISC", "url": "http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf"}, {"name": "[oss-security] 20081022 Re: CVE Request: Opera 9.60 with security fixes", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/22/5"}, {"name": "31869", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31869"}, {"name": "http://www.opera.com/docs/changelogs/windows/961/", "refsource": "CONFIRM", "url": "http://www.opera.com/docs/changelogs/windows/961/"}, {"name": "6801", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6801"}, {"name": "opera-historysearch-xss(46003)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46003"}, {"name": "http://www.opera.com/docs/changelogs/linux/961/", "refsource": "CONFIRM", "url": "http://www.opera.com/docs/changelogs/linux/961/"}, {"name": "SUSE-SR:2008:022", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html"}, {"name": "http://www.opera.com/support/search/view/903/", "refsource": "CONFIRM", "url": "http://www.opera.com/support/search/view/903/"}, {"name": "4504", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4504"}, {"name": "http://www.opera.com/docs/changelogs/freebsd/961/", "refsource": "CONFIRM", "url": "http://www.opera.com/docs/changelogs/freebsd/961/"}, {"name": "20081022 Opera Stored Cross Site Scripting Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497646/100/0/threaded"}, {"name": "GLSA-200811-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200811-01.xml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:24:20.696Z"}, "title": "CVE Program Container", "references": [{"name": "32394", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32394"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.opera.com/docs/changelogs/mac/961/"}, {"name": "ADV-2008-2873", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2873"}, {"name": "[oss-security] 20081021 Re: CVE Request: Opera 9.60 with security fixes", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/10/21/6"}, {"name": "32538", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32538"}, {"name": "32299", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32299"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.opera.com/docs/changelogs/solaris/961/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf"}, {"name": "[oss-security] 20081022 Re: CVE Request: Opera 9.60 with security fixes", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/10/22/5"}, {"name": "31869", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31869"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.opera.com/docs/changelogs/windows/961/"}, {"name": "6801", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6801"}, {"name": "opera-historysearch-xss(46003)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46003"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.opera.com/docs/changelogs/linux/961/"}, {"name": "SUSE-SR:2008:022", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.opera.com/support/search/view/903/"}, {"name": "4504", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4504"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.opera.com/docs/changelogs/freebsd/961/"}, {"name": "20081022 Opera Stored Cross Site Scripting Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/497646/100/0/threaded"}, {"name": "GLSA-200811-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200811-01.xml"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4696", "datePublished": "2008-10-23T21:00:00", "dateReserved": "2008-10-22T00:00:00", "dateUpdated": "2024-08-07T10:24:20.696Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opera:opera:*:*:*:*:*:*:*:*", "matchCriteriaId": "E55AA4C5-7075-4336-AFC0-F8981054F8D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:*:*:*:*:*:*:*:*", "matchCriteriaId": "70E481D9-4342-452F-84F9-45CA23E0E77A", "versionEndIncluding": "9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5..10:*:*:*:*:*:*:*", "matchCriteriaId": "40073FD8-6E5A-4770-837A-CAF0C8FD2A2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F071C3F7-A3C4-475D-8843-B52F2DB7C56D", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "00ED2069-849A-4E62-88B3-323A8682F573", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "C5830888-AE31-4C80-A923-EA83B4464859", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D45E22AA-46A6-42F3-9E5B-95958163EF6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "655604B2-773D-4F94-951B-6E17E123EFA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "5E856FB7-7315-4ABF-A835-0BEF9BA10DC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "DE22CFC5-1607-4FF1-8681-24AE2C167C26", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "CCF854C3-7C1A-4B0D-B27D-10B52B9C41E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "9C27A748-0792-499F-A3A1-3C9528A5AD0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "E606F772-09E2-40F1-84C1-1A5B2BBD2FFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5.11:*:*:*:*:*:*:*", "matchCriteriaId": "E5E77793-94BC-47D8-B2D1-D3B020DEF93C", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:5.12:*:*:*:*:*:*:*", "matchCriteriaId": "C0EC8D15-02D5-4988-85FD-50B1ABCC7B4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:6:beta_1:*:*:*:*:*:*", "matchCriteriaId": "BC32B83A-4E91-4D1D-8051-35F339E61A78", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7BF315DF-C0C9-468C-8C7E-C4547AF431FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:6.01:*:*:*:*:*:*:*", "matchCriteriaId": "B5159296-AD9C-4199-B5DF-539EE61D45A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:6.02:*:*:*:*:*:*:*", "matchCriteriaId": "BE952E7C-EBDC-4652-95C3-C308BBEF1FAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:6.03:*:*:*:*:*:*:*", "matchCriteriaId": "EE616514-882C-4ED2-BB0C-1248B8316ED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:6.04:*:*:*:*:*:*:*", "matchCriteriaId": "00A6FD59-C258-4A49-81C9-F6E58FB30117", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:6.05:*:*:*:*:*:*:*", "matchCriteriaId": "DADA8A93-4DF4-4C95-860E-65CA46B12DD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "F9EF0387-AEFC-40BC-A7C8-28F175844CC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7:beta_1:*:*:*:*:*:*", "matchCriteriaId": "26FC4ABB-EDA9-426D-ADC9-E7DABEB8A64E", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7:beta_1.2:*:*:*:*:*:*", "matchCriteriaId": "DB0E448B-8A9C-44BF-AE29-D05900F6FEF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5435A52-0F9D-41AC-9FF9-93A512D0103C", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "BD72F9AF-EFD5-408B-9FC3-6341F92B39B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.01:*:*:*:*:*:*:*", "matchCriteriaId": "2590789F-F333-4AD0-82B4-D6D9B9E0F5AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.02:*:*:*:*:*:*:*", "matchCriteriaId": "355242B3-33ED-4B65-8373-3CDC6C556B4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.03:*:*:*:*:*:*:*", "matchCriteriaId": "A685E97D-3B0F-4C69-8124-F3AB26905124", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4FDEC39-7B53-4AD9-9EDF-D95860264345", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.11:*:*:*:*:*:*:*", "matchCriteriaId": "CE7F056E-BB13-4453-8065-C18E6171AC0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.20:*:*:*:*:*:*:*", "matchCriteriaId": "0221A7DE-9F8F-46A4-B609-1F10D2606370", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.20:beta7:*:*:*:*:*:*", "matchCriteriaId": "A3089B27-E279-46B8-91C3-2040DBEBC281", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "7433778F-DE4F-48A7-8AF7-8DBD17DC4C5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "02178B82-3805-4B7C-B341-4F4E280B4DFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.23:*:*:*:*:*:*:*", "matchCriteriaId": "7FA8888D-6CC5-4ED8-9907-0B9709F2980A", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.50:*:*:*:*:*:*:*", "matchCriteriaId": "8A860F7C-F2FF-40A9-88DA-35766836A8F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.50:beta_1:*:*:*:*:*:*", "matchCriteriaId": "47871B2C-F6DA-4C92-BA15-90BA8FE3F979", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.51:*:*:*:*:*:*:*", "matchCriteriaId": "D7E2EA7B-19D5-4A6A-88BE-BEEEAA792536", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.52:*:*:*:*:*:*:*", "matchCriteriaId": "8E50D780-F507-49BC-8C34-477C6A7C3741", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "476868D1-E4EA-4F9A-8282-0CE5BB574362", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.54:*:*:*:*:*:*:*", "matchCriteriaId": "3BA7025B-BBB5-43BC-AB6E-E41E56430AB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.54:update_1:*:*:*:*:*:*", "matchCriteriaId": "5E33873C-DFD6-4450-8A9A-31CF2437E5FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:7.54:update_2:*:*:*:*:*:*", "matchCriteriaId": "D4D545A5-A8D9-4678-BB58-248B999AF4F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "00336594-FE61-4815-B52F-90BE545E9428", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:8.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "262ADE2E-4E91-4BA3-AAAD-A1B3A18EAAD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:8.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "587EBDA2-C0F1-469B-A9A9-68634CF058A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:8.0:beta_3:*:*:*:*:*:*", "matchCriteriaId": "3EBC3851-2A2E-41E9-A6D0-D41334BF7C84", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:8.01:*:*:*:*:*:*:*", "matchCriteriaId": "9CCE749D-8553-4365-A8C5-A6C9037FEAFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:8.02:*:*:*:*:*:*:*", "matchCriteriaId": "38F2F078-9620-4ED1-BA42-44C167DEF2A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:8.50:*:*:*:*:*:*:*", "matchCriteriaId": "C0B61DF6-755B-44D1-88C2-F3EF33BD6183", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:8.51:*:*:*:*:*:*:*", "matchCriteriaId": "A006AB3D-3228-4980-A45C-F331E8236867", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:8.52:*:*:*:*:*:*:*", "matchCriteriaId": "625DF977-9C3A-4904-BF77-DE1CE7C9AA53", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:8.53:*:*:*:*:*:*:*", "matchCriteriaId": "A5C0B1FD-140F-43BF-963F-55C6929DE68B", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:8.54:*:*:*:*:*:*:*", "matchCriteriaId": "244D2B12-5C3A-4007-B93C-0194417C00A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEDD65A0-57AA-4374-AF0D-EBE7B6F4A3CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "C1C64664-5B10-48E4-A457-56DBC8EB30D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "9EC34889-5A1F-4763-995E-67EE06EFB817", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.01:*:*:*:*:*:*:*", "matchCriteriaId": "85AD3AC7-F403-4A80-B56B-D32DF61A708A", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.02:*:*:*:*:*:*:*", "matchCriteriaId": "DADC950D-2542-43B3-BC71-FFE3AD76E29B", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "62EFDBC5-7ADB-4F66-8F0A-B234FC9C9B9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.20:*:*:*:*:*:*:*", "matchCriteriaId": "B57ECE1A-72DE-4E9C-B762-2935A964277F", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.20:beta_1:*:*:*:*:*:*", "matchCriteriaId": "83D2E44B-7DD4-4C41-BCCB-4B6F1D7DE171", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.21:*:*:*:*:*:*:*", "matchCriteriaId": "B8C204EE-8435-4CCA-B08C-60E702441AF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.22:*:*:*:*:*:*:*", "matchCriteriaId": "64166ABD-39BA-482C-BCA5-44468105E8BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.23:*:*:*:*:*:*:*", "matchCriteriaId": "B766176F-E80A-433A-AC30-1A1265FCDE53", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.24:*:*:*:*:*:*:*", "matchCriteriaId": "6CC06019-8CF0-4F01-8A63-853FB3F60185", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.25:*:*:*:*:*:*:*", "matchCriteriaId": "C6E09E20-40D5-4166-B870-5954339E176D", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.26:*:*:*:*:*:*:*", "matchCriteriaId": "E751386F-0179-4BE7-9F46-66455EAFB1A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.27:*:*:*:*:*:*:*", "matchCriteriaId": "6A7D9843-8967-4E36-9609-4497EECB2842", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.50:*:*:*:*:*:*:*", "matchCriteriaId": "16F85686-88F9-412C-9105-F94D4D4D61FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.50:beta_2:*:*:*:*:*:*", "matchCriteriaId": "29DDD7BF-9265-4202-93C1-98FAEC336190", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera:9.51:*:*:*:*:*:*:*", "matchCriteriaId": "089A088C-6DAE-4335-AD14-DACE64641A5A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the \"optional fragment\"), which is not properly escaped before storage in the History Search database (aka md.dat)."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Opera.dll de Opera versiones anteriores a v9.61 permite a atacantes remotos inyectar web script o HTML a trav\u00e9s de identificadores ancla (tambi\u00e9n conocido como el \"fragmento opcional\"), el cual no escapa apropiadamente antes del almacenaje en la base de datos History Search (tambi\u00e9n conocido como md.dat)."}], "id": "CVE-2008-4696", "lastModified": "2024-11-21T00:52:18.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-10-23T22:00:01.433", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32299"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32394"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32538"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200811-01.xml"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4504"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/21/6"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/22/5"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.opera.com/docs/changelogs/freebsd/961/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.opera.com/docs/changelogs/linux/961/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.opera.com/docs/changelogs/mac/961/"}, {"source": "cve@mitre.org", "url": "http://www.opera.com/docs/changelogs/solaris/961/"}, {"source": "cve@mitre.org", "url": "http://www.opera.com/docs/changelogs/windows/961/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.opera.com/support/search/view/903/"}, {"source": "cve@mitre.org", "url": "http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/497646/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/31869"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2873"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46003"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6801"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32299"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32394"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32538"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200811-01.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4504"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/21/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/22/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.opera.com/docs/changelogs/freebsd/961/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.opera.com/docs/changelogs/linux/961/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.opera.com/docs/changelogs/mac/961/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.opera.com/docs/changelogs/solaris/961/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.opera.com/docs/changelogs/windows/961/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.opera.com/support/search/view/903/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/497646/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/31869"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6801"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}