Web application abuses : Opera Multiple Cross-Site Scripting Vulnerabilities (Sep 2009)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900857

Categoría: Web application abuses

Título: Opera Multiple Cross-Site Scripting Vulnerabilities (Sep 2009) - Windows

Resumen: Opera is prone to multiple Cross-Site Scripting vulnerabilities.

Descripción: Summary:
Opera is prone to multiple Cross-Site Scripting vulnerabilities.

Vulnerability Insight:
An error in the application which can be exploited to obtain
complete control over feeds via a 'RSS' or 'Atom' feed. It is related to the
rendering of the application/rss+xml content type as 'scripted content'.

Vulnerability Impact:
Attacker can exploit this issue to conduct XSS attacks to inject
arbitrary web script or HTML.

Affected Software/OS:
Opera version 9.x and 10.x on Windows.

Solution:
Upgrade to version 10.1 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3265
Bugtraq: 20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more (Google Search)
http://www.securityfocus.com/archive/1/506517/100/0/threaded
http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6370
Common Vulnerability Exposure (CVE) ID: CVE-2009-3266
BugTraq ID: 36418
http://www.securityfocus.com/bid/36418
BugTraq ID: 36850
http://www.securityfocus.com/bid/36850
Bugtraq: 20091028 Hijacking Opera's Native Page using malicious RSS payloads (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html
http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/
http://www.osvdb.org/59358
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6314
http://secunia.com/advisories/37182
http://www.vupen.com/english/advisories/2009/3073
XForce ISS Database: opera-feed-security-bypass(54021)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54021

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900857
Categoría:	Web application abuses
Título:	Opera Multiple Cross-Site Scripting Vulnerabilities (Sep 2009) - Windows
Resumen:	Opera is prone to multiple Cross-Site Scripting vulnerabilities.
Descripción:	Summary: Opera is prone to multiple Cross-Site Scripting vulnerabilities. Vulnerability Insight: An error in the application which can be exploited to obtain complete control over feeds via a 'RSS' or 'Atom' feed. It is related to the rendering of the application/rss+xml content type as 'scripted content'. Vulnerability Impact: Attacker can exploit this issue to conduct XSS attacks to inject arbitrary web script or HTML. Affected Software/OS: Opera version 9.x and 10.x on Windows. Solution: Upgrade to version 10.1 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3265 Bugtraq: 20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more (Google Search) http://www.securityfocus.com/archive/1/506517/100/0/threaded http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6370 Common Vulnerability Exposure (CVE) ID: CVE-2009-3266 BugTraq ID: 36418 http://www.securityfocus.com/bid/36418 BugTraq ID: 36850 http://www.securityfocus.com/bid/36850 Bugtraq: 20091028 Hijacking Opera's Native Page using malicious RSS payloads (Google Search) http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/ http://www.osvdb.org/59358 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6314 http://secunia.com/advisories/37182 http://www.vupen.com/english/advisories/2009/3073 XForce ISS Database: opera-feed-security-bypass(54021) https://exchange.xforce.ibmcloud.com/vulnerabilities/54021
Copyright	Copyright (C) 2009 Greenbone AG