Page 29 of 143 results (0.006 seconds)

CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0

Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." Vulnerabilidad no esperada en Opera anterior v.10.10 tiene un impacto y vectores de ataque desconocidos, relacionados con un "asunto moderadamente severo." • http://osvdb.org/60528 http://secunia.com/advisories/37469 http://www.opera.com/docs/changelogs/mac/1010 http://www.opera.com/docs/changelogs/unix/1010 http://www.opera.com/docs/changelogs/windows/1010 http://www.securityfocus.com/bid/37089 http://www.vupen.com/english/advisories/2009/3297 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6543 •

CVSS: 4.3EPSS: 0%CPEs: 105EXPL: 1

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." El navegador Opera anterior a la versión 10.01 no restringe de manera apropiada el HTML en un (1) RSS o (2) Atom feed, que permite a los atacantes remotos realizar ataques de tipo Cross-Site Scripting (XSS), y realizar ataques de tipo cross-zone scripting, que involucran la página Feed Subscription, para leer feeds o crear subscripciones feed, por medio de un feed creado, relacionado con la representación del tipo de contenido application/rss+xml como "scripted content." • http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html http://secunia.com/advisories/37182 http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads http://www.opera.com/docs/changelogs/mac/1001 http://www.opera.com/docs/changelogs/unix/1001 http://www.opera.com/docs/changelogs/windows/1001 http://www.opera.com/support/kb/view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 105EXPL: 1

Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. Opera permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) mediante una página web que contiene un gran número de etiquetas de marquesina anidadas, un problema relacionado con CVE-2006-2723. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0085.html https://exchange.xforce.ibmcloud.com/vulnerabilities/26898 • CWE-20: Improper Input Validation •