CVE-2008-5681
Opera < 9.63 - Unauthenticated Information Disclosure via Feed Preview Scripted URLs
Title source: llmDescription
Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/linux/963/
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34294
Vendor Advisory x_refsource_confirm
http://www.opera.com/support/kb/view/923/
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200903-30.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021461
Scores
EPSS
0.0036
EPSS Percentile
58.1%
Details
Status
published
Products (27)
opera/opera_browser
1.00
opera/opera_browser
2.00
opera/opera_browser
2.10 (4 CPE variants)
opera/opera_browser
2.12
opera/opera_browser
3.00 (2 CPE variants)
opera/opera_browser
3.10
opera/opera_browser
3.21
opera/opera_browser
3.50
opera/opera_browser
3.51
opera/opera_browser
3.60
... and 17 more
Published
Dec 19, 2008
Tracked Since
Feb 18, 2026