Page 34 of 255 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 114EXPL: 0

Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Opera en versiones anteriores a 9.63 permite a atacantes remotos inyectar HTML o secuencias de comandos web arbitrarios a través de plantillas XSLT pre-instaladas. • http://osvdb.org/50951 http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://www.opera.com/docs/changelogs/linux/963 http://www.opera.com/support/kb/view/924 http://www.securitytracker.com/id?1021462 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 88EXPL: 0

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds. Opera antes de la v9.61 no bloquea correctamente los scripts durante la previsualización de una fuente de noticias, lo que permite a atacantes remotos crear subscripciones de nuevas fuentes y leer los contenidos de fuentes aleatorias. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html http://secunia.com/advisories/32299 http://secunia.com/advisories/32394 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.openwall.com/lists/oss-security/2008/10/21/6 http://www.openwall.com/lists/oss-security/2008/10/22/5 http://www.opera.com/docs/changelogs/freebsd/961 http://www.opera.com/docs/changelogs/linux/961 http://www.opera.com&#x • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 88EXPL: 0

The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks. La característica Fast Forward en Opera antes de la v9.61, cuando una página está en un marco, ejecuta un javascript: URL en el contexto de la última página en vez de la página que contiene esta URL, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS). • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html http://secunia.com/advisories/32299 http://secunia.com/advisories/32394 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.openwall.com/lists/oss-security/2008/10/21/6 http://www.openwall.com/lists/oss-security/2008/10/22/5 http://www.opera.com/docs/changelogs/freebsd/961 http://www.opera.com/docs/changelogs/linux/961 http://www.opera.com&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 28%CPEs: 87EXPL: 1

Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL. Vulnerabilidad no especificada en Opera antes de la v.9.60 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o ejecutar código de su elección mediante una redirección que especifica una URL manipulada. • https://www.exploit-db.com/exploits/32467 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html http://secunia.com/advisories/32177 http://secunia.com/advisories/32394 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://securitytracker.com/id?1021016 http://www.openwall.com/lists/oss-security/2008/10/21/5 http://www.openwall.com/lists/oss-security/2008/10/22/5 http://www.opera.com/docs/changelogs/freebsd& • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 10.0EPSS: 1%CPEs: 85EXPL: 0

Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory. Opera anterior a v9.52 no comprueba el inválido CRL tras encontrar un certificado que carece de un CRL, lo cual tiene impacto y vectores de ataque desconocidos. NOTA: no está claro si esto es una vulnerabilidad, pero el vendedor lo incluye en la sección de avisos de seguridad. • http://bugs.gentoo.org/show_bug.cgi?id=235298 http://my.opera.com/community/forums/topic.dml?id=241988&t=1222404671&page=1 http://my.opera.com/yngve/blog/2008/06/27/nobody-checks-the-padlock-debunked-by-opera-users http://secunia.com/advisories/31549 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.openwall.com/lists/oss-security/2008/09/19/2 http://www.openwall.com/lists/oss-security/2008/09/24/4 http:/&#x • CWE-255: Credentials Management Errors •