4.3

CVE-2012-4144

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OperaOpera Browser Version <= 12.00
   LinuxLinux Kernel
   MicrosoftWindows
OperaOpera Browser Version12.00 Updatebeta
   LinuxLinux Kernel
   MicrosoftWindows
OperaOpera Browser Version <= 11.65
   ApplemacOS X
OperaOpera Browser Version10.00
   ApplemacOS X
OperaOpera Browser Version10.00 Updatebeta1
   ApplemacOS X
OperaOpera Browser Version10.00 Updatebeta2
   ApplemacOS X
OperaOpera Browser Version10.00 Updatebeta3
   ApplemacOS X
OperaOpera Browser Version10.01
   ApplemacOS X
OperaOpera Browser Version10.10
   ApplemacOS X
OperaOpera Browser Version10.10 Updatebeta1
   ApplemacOS X
OperaOpera Browser Version10.11
   ApplemacOS X
OperaOpera Browser Version10.50
   ApplemacOS X
OperaOpera Browser Version10.50 Updatebeta1
   ApplemacOS X
OperaOpera Browser Version10.50 Updatebeta2
   ApplemacOS X
OperaOpera Browser Version10.51
   ApplemacOS X
OperaOpera Browser Version10.52
   ApplemacOS X
OperaOpera Browser Version10.52 Updatebeta1
   ApplemacOS X
OperaOpera Browser Version10.52 Updatebeta2
   ApplemacOS X
OperaOpera Browser Version10.53
   ApplemacOS X
OperaOpera Browser Version10.53 Updateb
   ApplemacOS X
OperaOpera Browser Version10.53 Updatebeta1
   ApplemacOS X
OperaOpera Browser Version10.54
   ApplemacOS X
OperaOpera Browser Version10.60
   ApplemacOS X
OperaOpera Browser Version10.60 Updatebeta1
   ApplemacOS X
OperaOpera Browser Version10.61
   ApplemacOS X
OperaOpera Browser Version10.62
   ApplemacOS X
OperaOpera Browser Version10.63
   ApplemacOS X
OperaOpera Browser Version11.00
   ApplemacOS X
OperaOpera Browser Version11.00 Updatebeta
   ApplemacOS X
OperaOpera Browser Version11.01
   ApplemacOS X
OperaOpera Browser Version11.10
   ApplemacOS X
OperaOpera Browser Version11.10 Updatebeta
   ApplemacOS X
OperaOpera Browser Version11.11
   ApplemacOS X
OperaOpera Browser Version11.50
   ApplemacOS X
OperaOpera Browser Version11.50 Updatebeta
   ApplemacOS X
OperaOpera Browser Version11.51
   ApplemacOS X
OperaOpera Browser Version11.52
   ApplemacOS X
OperaOpera Browser Version11.52.1100
   ApplemacOS X
OperaOpera Browser Version11.60
   ApplemacOS X
OperaOpera Browser Version11.60 Updatebeta
   ApplemacOS X
OperaOpera Browser Version11.61
   ApplemacOS X
OperaOpera Browser Version11.62
   ApplemacOS X
OperaOpera Browser Version11.64
   ApplemacOS X
OperaOpera Browser Version12.00
   ApplemacOS X
OperaOpera Browser Version12.00 Updatebeta
   ApplemacOS X
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.601
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.