CVE-2008-4200

EPSS 1.94%
Veröffentlicht 27.09.2008 10:30:03
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opera ≫ Opera Browser Version <= 9.51

Opera ≫ Opera Browser Version5.0

Opera ≫ Opera Browser Version5.0 Updatebeta2

Opera ≫ Opera Browser Version5.0 Updatebeta3

Opera ≫ Opera Browser Version5.0 Updatebeta4

Opera ≫ Opera Browser Version5.0 Updatebeta5

Opera ≫ Opera Browser Version5.0 Updatebeta6

Opera ≫ Opera Browser Version5.0 Updatebeta7

Opera ≫ Opera Browser Version5.0 Updatebeta8

Opera ≫ Opera Browser Version5.02

Opera ≫ Opera Browser Version5.10

Opera ≫ Opera Browser Version5.11

Opera ≫ Opera Browser Version5.12

Opera ≫ Opera Browser Version6.0

Opera ≫ Opera Browser Version6.0 Updatebeta1

Opera ≫ Opera Browser Version6.0 Updatebeta2

Opera ≫ Opera Browser Version6.0 Updatebeta3

Opera ≫ Opera Browser Version6.0 Updatetp1

Opera ≫ Opera Browser Version6.0 Updatetp2

Opera ≫ Opera Browser Version6.0 Updatetp3

Opera ≫ Opera Browser Version6.1

Opera ≫ Opera Browser Version6.01

Opera ≫ Opera Browser Version6.1 Updatebeta1

Opera ≫ Opera Browser Version6.02

Opera ≫ Opera Browser Version6.03

Opera ≫ Opera Browser Version6.04

Opera ≫ Opera Browser Version6.05

Opera ≫ Opera Browser Version6.06

Opera ≫ Opera Browser Version6.11

Opera ≫ Opera Browser Version6.12

Opera ≫ Opera Browser Version7.0

Opera ≫ Opera Browser Version7.0 Updatebeta1

Opera ≫ Opera Browser Version7.0 Updatebeta1_v2

Opera ≫ Opera Browser Version7.0 Updatebeta2

Opera ≫ Opera Browser Version7.01

Opera ≫ Opera Browser Version7.02

Opera ≫ Opera Browser Version7.03

Opera ≫ Opera Browser Version7.10

Opera ≫ Opera Browser Version7.10 Updatebeta1

Opera ≫ Opera Browser Version7.11

Opera ≫ Opera Browser Version7.11 Updatebeta2

Opera ≫ Opera Browser Version7.20

Opera ≫ Opera Browser Version7.20 Updatebeta7

Opera ≫ Opera Browser Version7.21

Opera ≫ Opera Browser Version7.22

Opera ≫ Opera Browser Version7.23

Opera ≫ Opera Browser Version7.50

Opera ≫ Opera Browser Version7.50 Updatebeta1

Opera ≫ Opera Browser Version7.51

Opera ≫ Opera Browser Version7.52

Opera ≫ Opera Browser Version7.53

Opera ≫ Opera Browser Version7.54

Opera ≫ Opera Browser Version7.54 Updateupdate1

Opera ≫ Opera Browser Version7.54 Updateupdate2

Opera ≫ Opera Browser Version7.60

Opera ≫ Opera Browser Version8.0

Opera ≫ Opera Browser Version8.0 Updatebeta1

Opera ≫ Opera Browser Version8.0 Updatebeta2

Opera ≫ Opera Browser Version8.0 Updatebeta3

Opera ≫ Opera Browser Version8.01

Opera ≫ Opera Browser Version8.02

Opera ≫ Opera Browser Version8.50

Opera ≫ Opera Browser Version8.51

Opera ≫ Opera Browser Version8.52

Opera ≫ Opera Browser Version8.53

Opera ≫ Opera Browser Version8.54

Opera ≫ Opera Browser Version9.0

Opera ≫ Opera Browser Version9.0 Updatebeta1

Opera ≫ Opera Browser Version9.0 Updatebeta2

Opera ≫ Opera Browser Version9.01

Opera ≫ Opera Browser Version9.02

Opera ≫ Opera Browser Version9.10

Opera ≫ Opera Browser Version9.12

Opera ≫ Opera Browser Version9.20

Opera ≫ Opera Browser Version9.20 Updatebeta1

Opera ≫ Opera Browser Version9.21

Opera ≫ Opera Browser Version9.22

Opera ≫ Opera Browser Version9.23

Opera ≫ Opera Browser Version9.24

Opera ≫ Opera Browser Version9.25

Opera ≫ Opera Browser Version9.26

Opera ≫ Opera Browser Version9.27

Opera ≫ Opera Browser Version9.50

Opera ≫ Opera Browser Version9.50 Updatebeta1

Opera ≫ Opera Browser Version9.50 Updatebeta2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.94%	0.817

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/31549

http://secunia.com/advisories/32538

http://security.gentoo.org/glsa/glsa-200811-01.xml

http://www.openwall.com/lists/oss-security/2008/09/19/2

http://www.openwall.com/lists/oss-security/2008/09/24/4

http://www.opera.com/docs/changelogs/freebsd/952/

Patch

http://www.opera.com/docs/changelogs/linux/952/

Patch

http://www.opera.com/docs/changelogs/mac/952/

Patch

http://www.opera.com/docs/changelogs/solaris/952/