CVE-2008-4696

Opera - Stored Cross-Site Scripting via History Search Database

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2008-4696. PoCs published by Metasploit, egypt, Roberto Suggi Liverani, including Metasploit module exploits/multi/browser/opera_historysearch.

AI-analyzed exploit summary This Metasploit module exploits a cross-site scripting (XSS) vulnerability in Opera's history search functionality to achieve arbitrary command execution. It leverages the vulnerability to modify Opera's configuration settings and execute commands via the mail handler.

Description

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16304

This Metasploit module exploits a cross-site scripting (XSS) vulnerability in Opera's history search functionality to achieve arbitrary command execution. It leverages the vulnerability to modify Opera's configuration settings and execute commands via the mail handler.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Opera versions between 9.50 and 9.61
No auth needed
Prerequisites: Victim must be using a vulnerable version of Opera (9.50 to 9.61) · Victim must visit a malicious webpage
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by egypt · rubyremotemultiple
https://www.exploit-db.com/exploits/9944

This Metasploit module exploits a cross-site scripting (XSS) vulnerability in Opera's history search functionality, allowing arbitrary command execution by manipulating Opera's configuration settings via JavaScript injection. The exploit targets Opera versions between 9.50 and 9.61.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Opera Browser 9.50 to 9.61
No auth needed
Prerequisites: Victim must visit a malicious webpage · Opera browser version between 9.50 and 9.61
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Roberto Suggi Liverani · textremotewindows
https://www.exploit-db.com/exploits/6801

This is a detailed writeup describing a stored XSS vulnerability in Opera browser (CVE-2008-4725), where malicious JavaScript can be injected via the URL fragment and executed when the user visits the history search page.

Classification
Writeup 100%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Opera Browser (all desktop versions)
No auth needed
Prerequisites: Victim must visit a malicious link · Victim must access the Opera history search page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Roberto Suggi · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/opera_historysearch.rb

This Metasploit module exploits a cross-site scripting (XSS) vulnerability in Opera's history search functionality (CVE-2008-4696) to achieve arbitrary command execution by manipulating Opera's mail handler preferences via JavaScript injection.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Opera Browser versions 9.50 to 9.61
No auth needed
Prerequisites: Victim must visit a malicious webpage · Opera browser version between 9.50 and 9.61
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (20)

Core 20
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2873
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32538
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/solaris/961/
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31869
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/961/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46003
Vendor Advisory x_refsource_confirm
http://www.opera.com/support/search/view/903/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32394
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/21/6
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32299
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/22/5
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6801
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4504
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/497646/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200811-01.xml

Scores

EPSS 0.4573
EPSS Percentile 98.6%

Details

CWE
CWE-79
Status published
Products (41)
opera/opera
opera/opera 5..10
opera/opera 5.0
opera/opera 5.1
opera/opera 5.2
opera/opera 5.3
opera/opera 5.4
opera/opera 5.5
opera/opera 5.6
opera/opera 5.7
... and 31 more
Published Oct 23, 2008
Tracked Since Feb 18, 2026