4.3

CVE-2012-4142

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.

Data is provided by the National Vulnerability Database (NVD)
OperaOpera Browser Version <= 12.00
   LinuxLinux Kernel
   MicrosoftWindows
OperaOpera Browser Version12.00 Updatebeta
   LinuxLinux Kernel
   MicrosoftWindows
OperaOpera Browser Version <= 11.65
   ApplemacOS X
OperaOpera Browser Version10.00
   ApplemacOS X
OperaOpera Browser Version10.00 Updatebeta1
   ApplemacOS X
OperaOpera Browser Version10.00 Updatebeta2
   ApplemacOS X
OperaOpera Browser Version10.00 Updatebeta3
   ApplemacOS X
OperaOpera Browser Version10.01
   ApplemacOS X
OperaOpera Browser Version10.10
   ApplemacOS X
OperaOpera Browser Version10.10 Updatebeta1
   ApplemacOS X
OperaOpera Browser Version10.11
   ApplemacOS X
OperaOpera Browser Version10.50
   ApplemacOS X
OperaOpera Browser Version10.50 Updatebeta1
   ApplemacOS X
OperaOpera Browser Version10.50 Updatebeta2
   ApplemacOS X
OperaOpera Browser Version10.51
   ApplemacOS X
OperaOpera Browser Version10.52
   ApplemacOS X
OperaOpera Browser Version10.52 Updatebeta1
   ApplemacOS X
OperaOpera Browser Version10.52 Updatebeta2
   ApplemacOS X
OperaOpera Browser Version10.53
   ApplemacOS X
OperaOpera Browser Version10.53 Updateb
   ApplemacOS X
OperaOpera Browser Version10.53 Updatebeta1
   ApplemacOS X
OperaOpera Browser Version10.54
   ApplemacOS X
OperaOpera Browser Version10.60
   ApplemacOS X
OperaOpera Browser Version10.60 Updatebeta1
   ApplemacOS X
OperaOpera Browser Version10.61
   ApplemacOS X
OperaOpera Browser Version10.62
   ApplemacOS X
OperaOpera Browser Version10.63
   ApplemacOS X
OperaOpera Browser Version11.00
   ApplemacOS X
OperaOpera Browser Version11.00 Updatebeta
   ApplemacOS X
OperaOpera Browser Version11.01
   ApplemacOS X
OperaOpera Browser Version11.10
   ApplemacOS X
OperaOpera Browser Version11.10 Updatebeta
   ApplemacOS X
OperaOpera Browser Version11.11
   ApplemacOS X
OperaOpera Browser Version11.50
   ApplemacOS X
OperaOpera Browser Version11.50 Updatebeta
   ApplemacOS X
OperaOpera Browser Version11.51
   ApplemacOS X
OperaOpera Browser Version11.52
   ApplemacOS X
OperaOpera Browser Version11.52.1100
   ApplemacOS X
OperaOpera Browser Version11.60
   ApplemacOS X
OperaOpera Browser Version11.60 Updatebeta
   ApplemacOS X
OperaOpera Browser Version11.61
   ApplemacOS X
OperaOpera Browser Version11.62
   ApplemacOS X
OperaOpera Browser Version11.64
   ApplemacOS X
OperaOpera Browser Version12.00
   ApplemacOS X
OperaOpera Browser Version12.00 Updatebeta
   ApplemacOS X
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.42% 0.589
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.