CVE-2008-4725

Opera Browser - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Roberto Suggi Liverani · textremotewindows

https://www.exploit-db.com/exploits/6801

View Code ZIP pw:eip

References (17)

Core 17

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2873

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2008/10/21/6

Vendor Advisory x_refsource_misc

http://www.opera.com/docs/changelogs/freebsd/961/

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32299

Various Sources x_refsource_misc

http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2008/10/22/5

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46231

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31869

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6801

Vendor Advisory x_refsource_misc

http://www.opera.com/docs/changelogs/mac/961/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46003

Vendor Advisory x_refsource_misc

http://www.opera.com/docs/changelogs/solaris/961/

Vendor Advisory x_refsource_confirm

http://www.opera.com/support/search/view/903/

Vendor Advisory x_refsource_misc

http://www.opera.com/docs/changelogs/linux/961/

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4504

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/497646/100/0/threaded

Vendor Advisory x_refsource_misc

http://www.opera.com/docs/changelogs/windows/961/

Scores

EPSS 0.1382

EPSS Percentile 94.3%

Details

CWE

CWE-79

Status published

Products (1)

opera/opera_browser 9.52

Published Oct 23, 2008

Tracked Since Feb 18, 2026