CVE-2008-4795

Opera < 9.61 - XSS

Title source: rule

Description

The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stefano Di Paola · htmlremotelinux

https://www.exploit-db.com/exploits/32548

View Code ZIP pw:eip

References (7)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html

[Vendor Advisory] http://www.opera.com/support/search/view/907/

[Exploit, Patch] http://www.securityfocus.com/bid/31991

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1021127

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200811-01.xml

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46220

[Third Party Advisory] http://secunia.com/advisories/32538

Scores

EPSS 0.1116

EPSS Percentile 93.4%

Classification

CWE

CWE-79

Status published

Affected Products (50)

opera/opera < 9.61

opera/opera

... and 35 more

Timeline

Published Oct 30, 2008

Tracked Since Feb 18, 2026