4.3
CVE-2009-3266
- EPSS 2.68%
- Veröffentlicht 18.09.2009 22:30:00
- Zuletzt bearbeitet 16.06.2026 23:11:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opera ≫ Opera Browser Version5.0
Opera ≫ Opera Browser Version5.0 Updatebeta2
Opera ≫ Opera Browser Version5.0 Updatebeta3
Opera ≫ Opera Browser Version5.0 Updatebeta4
Opera ≫ Opera Browser Version5.0 Updatebeta5
Opera ≫ Opera Browser Version5.0 Updatebeta6
Opera ≫ Opera Browser Version5.0 Updatebeta7
Opera ≫ Opera Browser Version5.0 Updatebeta8
Opera ≫ Opera Browser Version5.02
Opera ≫ Opera Browser Version5.10
Opera ≫ Opera Browser Version5.11
Opera ≫ Opera Browser Version5.12
Opera ≫ Opera Browser Version6.0
Opera ≫ Opera Browser Version6.0 Updatebeta1
Opera ≫ Opera Browser Version6.0 Updatebeta2
Opera ≫ Opera Browser Version6.0 Updatetp1
Opera ≫ Opera Browser Version6.0 Updatetp2
Opera ≫ Opera Browser Version6.0 Updatetp3
Opera ≫ Opera Browser Version6.1
Opera ≫ Opera Browser Version6.01
Opera ≫ Opera Browser Version6.1 Updatebeta1
Opera ≫ Opera Browser Version6.02
Opera ≫ Opera Browser Version6.03
Opera ≫ Opera Browser Version6.04
Opera ≫ Opera Browser Version6.05
Opera ≫ Opera Browser Version6.06
Opera ≫ Opera Browser Version6.11
Opera ≫ Opera Browser Version6.12
Opera ≫ Opera Browser Version7.0
Opera ≫ Opera Browser Version7.0 Updatebeta1
Opera ≫ Opera Browser Version7.0 Updatebeta1_v2
Opera ≫ Opera Browser Version7.0 Updatebeta2
Opera ≫ Opera Browser Version7.01
Opera ≫ Opera Browser Version7.02
Opera ≫ Opera Browser Version7.03
Opera ≫ Opera Browser Version7.10
Opera ≫ Opera Browser Version7.10 Updatebeta1
Opera ≫ Opera Browser Version7.11
Opera ≫ Opera Browser Version7.11 Updatebeta2
Opera ≫ Opera Browser Version7.20
Opera ≫ Opera Browser Version7.20 Updatebeta7
Opera ≫ Opera Browser Version7.21
Opera ≫ Opera Browser Version7.22
Opera ≫ Opera Browser Version7.23
Opera ≫ Opera Browser Version7.50
Opera ≫ Opera Browser Version7.50 Updatebeta1
Opera ≫ Opera Browser Version7.51
Opera ≫ Opera Browser Version7.52
Opera ≫ Opera Browser Version7.53
Opera ≫ Opera Browser Version7.54
Opera ≫ Opera Browser Version7.54 Updateupdate1
Opera ≫ Opera Browser Version7.54 Updateupdate2
Opera ≫ Opera Browser Version7.60
Opera ≫ Opera Browser Version8.0
Opera ≫ Opera Browser Version8.0 Updatebeta1
Opera ≫ Opera Browser Version8.0 Updatebeta2
Opera ≫ Opera Browser Version8.0 Updatebeta3
Opera ≫ Opera Browser Version8.01
Opera ≫ Opera Browser Version8.02
Opera ≫ Opera Browser Version8.50
Opera ≫ Opera Browser Version8.51
Opera ≫ Opera Browser Version8.52
Opera ≫ Opera Browser Version8.53
Opera ≫ Opera Browser Version8.54
Opera ≫ Opera Browser Version9.0
Opera ≫ Opera Browser Version9.0 Updatebeta1
Opera ≫ Opera Browser Version9.0 Updatebeta2
Opera ≫ Opera Browser Version9.01
Opera ≫ Opera Browser Version9.02
Opera ≫ Opera Browser Version9.10
Opera ≫ Opera Browser Version9.12
Opera ≫ Opera Browser Version9.20
Opera ≫ Opera Browser Version9.20 Updatebeta1
Opera ≫ Opera Browser Version9.21
Opera ≫ Opera Browser Version9.22
Opera ≫ Opera Browser Version9.23
Opera ≫ Opera Browser Version9.24
Opera ≫ Opera Browser Version9.25
Opera ≫ Opera Browser Version9.26
Opera ≫ Opera Browser Version9.27
Opera ≫ Opera Browser Version9.50
Opera ≫ Opera Browser Version9.50 Updatebeta1
Opera ≫ Opera Browser Version9.50 Updatebeta2
Opera ≫ Opera Browser Version9.51
Opera ≫ Opera Browser Version9.52
Opera ≫ Opera Browser Version9.60
Opera ≫ Opera Browser Version9.60 Updatebeta1
Opera ≫ Opera Browser Version9.61
Opera ≫ Opera Browser Version9.62
Opera ≫ Opera Browser Version9.63
Opera ≫ Opera Browser Version9.64
Opera ≫ Opera Browser Version10.00
Opera ≫ Opera Browser Version10.00 Updatebeta1
Opera ≫ Opera Browser Version10.00 Updatebeta2
Opera ≫ Opera Browser Version10.00 Updatebeta3
Opera ≫ Opera Browser Version10.01
Opera ≫ Opera Browser Version10.10
Opera ≫ Opera Browser Version10.10 Updatebeta1
Opera ≫ Opera Browser Version10.50
Opera ≫ Opera Browser Version10.50 Updatebeta1
Opera ≫ Opera Browser Version10.50 Updatebeta2
Opera ≫ Opera Browser Version10.51
Opera ≫ Opera Browser Version10.52
Opera ≫ Opera Browser Version10.53
Opera ≫ Opera Browser Version10.53 Updateb
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.68% | 0.839 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/
http://www.securityfocus.com/archive/1/506517/100/0/threaded
http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html
http://secunia.com/advisories/37182
http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/
http://www.opera.com/docs/changelogs/mac/1001/
http://www.opera.com/docs/changelogs/unix/1001/
http://www.opera.com/docs/changelogs/windows/1001/
http://www.opera.com/support/kb/view/939/
http://www.osvdb.org/59358
http://www.securityfocus.com/bid/36418
http://www.securityfocus.com/bid/36850
http://www.vupen.com/english/advisories/2009/3073
https://exchange.xforce.ibmcloud.com/vulnerabilities/54021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6314