Web application abuses : Opera Multiple Cross-Site Scripting Vulnerabilities (Sep 2009)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900858

Categoría: Web application abuses

Título: Opera Multiple Cross-Site Scripting Vulnerabilities (Sep 2009) - Linux

Resumen: Opera is prone to multiple Cross-Site Scripting vulnerabilities.

Descripción: Summary:
Opera is prone to multiple Cross-Site Scripting vulnerabilities.

Vulnerability Insight:
An error in the application which can be exploited to obtain complete control
over feeds via a 'RSS' or 'Atom' feed. It is related to the rendering of the
application/rss+xml content type as 'scripted content.'.

Vulnerability Impact:
Attacker can exploit this issue to conduct XSS attacks to inject arbitrary web
script or HTML.

Affected Software/OS:
Opera version 9.x and 10.x on Linux.

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3265
Bugtraq: 20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more (Google Search)
http://www.securityfocus.com/archive/1/506517/100/0/threaded
http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6370
Common Vulnerability Exposure (CVE) ID: CVE-2009-3266
BugTraq ID: 36418
http://www.securityfocus.com/bid/36418
BugTraq ID: 36850
http://www.securityfocus.com/bid/36850
Bugtraq: 20091028 Hijacking Opera's Native Page using malicious RSS payloads (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html
http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/
http://www.osvdb.org/59358
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6314
http://secunia.com/advisories/37182
http://www.vupen.com/english/advisories/2009/3073
XForce ISS Database: opera-feed-security-bypass(54021)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54021

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900858
Categoría:	Web application abuses
Título:	Opera Multiple Cross-Site Scripting Vulnerabilities (Sep 2009) - Linux
Resumen:	Opera is prone to multiple Cross-Site Scripting vulnerabilities.
Descripción:	Summary: Opera is prone to multiple Cross-Site Scripting vulnerabilities. Vulnerability Insight: An error in the application which can be exploited to obtain complete control over feeds via a 'RSS' or 'Atom' feed. It is related to the rendering of the application/rss+xml content type as 'scripted content.'. Vulnerability Impact: Attacker can exploit this issue to conduct XSS attacks to inject arbitrary web script or HTML. Affected Software/OS: Opera version 9.x and 10.x on Linux. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3265 Bugtraq: 20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more (Google Search) http://www.securityfocus.com/archive/1/506517/100/0/threaded http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6370 Common Vulnerability Exposure (CVE) ID: CVE-2009-3266 BugTraq ID: 36418 http://www.securityfocus.com/bid/36418 BugTraq ID: 36850 http://www.securityfocus.com/bid/36850 Bugtraq: 20091028 Hijacking Opera's Native Page using malicious RSS payloads (Google Search) http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/ http://www.osvdb.org/59358 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6314 http://secunia.com/advisories/37182 http://www.vupen.com/english/advisories/2009/3073 XForce ISS Database: opera-feed-security-bypass(54021) https://exchange.xforce.ibmcloud.com/vulnerabilities/54021
Copyright	Copyright (C) 2009 Greenbone AG