CVE-2008-4725

Opera Browser 9.52 - Stored Cross-Site Scripting via History Search Query String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4725. PoCs published by Roberto Suggi Liverani.

AI-analyzed exploit summary This is a detailed writeup describing a stored XSS vulnerability in Opera browser (CVE-2008-4725), where malicious JavaScript can be injected via the URL fragment and executed when the user visits the history search page.

Description

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Roberto Suggi Liverani · textremotewindows

https://www.exploit-db.com/exploits/6801

View Code ZIP pw:eip

This is a detailed writeup describing a stored XSS vulnerability in Opera browser (CVE-2008-4725), where malicious JavaScript can be injected via the URL fragment and executed when the user visits the history search page.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Opera Browser (all desktop versions)

No auth needed

Prerequisites: Victim must visit a malicious link · Victim must access the Opera history search page

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2873

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2008/10/21/6

Vendor Advisory x_refsource_misc

http://www.opera.com/docs/changelogs/freebsd/961/

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32299

Various Sources x_refsource_misc

http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2008/10/22/5

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46231

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31869

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6801

Vendor Advisory x_refsource_misc

http://www.opera.com/docs/changelogs/mac/961/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46003

Vendor Advisory x_refsource_misc

http://www.opera.com/docs/changelogs/solaris/961/

Vendor Advisory x_refsource_confirm

http://www.opera.com/support/search/view/903/

Vendor Advisory x_refsource_misc

http://www.opera.com/docs/changelogs/linux/961/

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4504

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/497646/100/0/threaded

Vendor Advisory x_refsource_misc

http://www.opera.com/docs/changelogs/windows/961/

Scores

EPSS 0.0489

EPSS Percentile 90.9%

Details

CWE

CWE-79

Status published

Products (1)

opera/opera_browser 9.52

Published Oct 23, 2008

Tracked Since Feb 18, 2026