Page 37 of 230 results (0.003 seconds)

CVSS: 6.8EPSS: 1%CPEs: 103EXPL: 0

Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. Opera en versiones anteriores a 9.26 permite a atacantes remotos con la complicidad del usuario ejecutar secuencias de comandos de su elección a través de imágenes que contienen comentarios personalizados, las cuales son tratadas como una secuencia de comandos cuando el usuario muestra las propiedades de una imagen. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html http://secunia.com/advisories/29029 http://secunia.com/advisories/29152 http://secunia.com/advisories/29178 http://security.gentoo.org/glsa/glsa-200803-09.xml http://www.opera.com/docs/changelogs/linux/926 http://www.opera.com/support/search/view/879 http://www.securityfocus.com/bid/27901 http://www.vupen.com/english/advisories/2008/0622 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 103EXPL: 0

Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. Opera versiones anteriores a 9.26 permite a atacantes remotos "evitar los filtos de limpieza" y realizar un ataque se secuencias de comandos en sitios cruzados (XSS) a través de valores de atributos manipulados en un documento XML, lo cual no son propiedades manejadas durante una presentación DOM. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html http://secunia.com/advisories/29029 http://secunia.com/advisories/29152 http://secunia.com/advisories/29178 http://security.gentoo.org/glsa/glsa-200803-09.xml http://www.opera.com/docs/changelogs/linux/926 http://www.opera.com/support/search/view/880 http://www.securityfocus.com/bid/27901 http://www.vupen.com/english/advisories/2008/0622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 1%CPEs: 103EXPL: 0

Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. Opera antes de 9.26 permite a atacantes remotos asistidos por el usuario leer archivos de su elección engañando al usuario para que escriba los caracteres de nombre de archivo objetivo en un fichero de entrada. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html http://secunia.com/advisories/29029 http://secunia.com/advisories/29152 http://secunia.com/advisories/29178 http://security.gentoo.org/glsa/glsa-200803-09.xml http://www.opera.com/docs/changelogs/linux/926 http://www.opera.com/support/search/view/877 http://www.securityfocus.com/bid/27901 http://www.vupen.com/english/advisories/2008/0622 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 1%CPEs: 102EXPL: 0

Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. Opera anterior a 9.25 permite a atacantes remotos llevar a cabo ataques de secuecias de comandos de dominios cruzados a través de vectores desconocidos relacionado con extensiones. • http://bugs.gentoo.org/show_bug.cgi?id=202770 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://secunia.com/advisories/28169 http://secunia.com/advisories/28290 http://secunia.com/advisories/28314 http://security.gentoo.org/glsa/glsa-200712-22.xml http://www.opera.com/docs/changelogs/linux/925 http://www.opera.com/docs/changelogs/windows/925 http://www.securityfocus.com/bid/26937 http://www.securitytracker.com/id?1019131 http://www.vup • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 102EXPL: 0

The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. El texto enriquecido en la funcionalidad de edición de Opera anterior a 9.25 permite a atacantes remotos llevar a cabo ataques de secuencias de comandos de dominios cruzados utilizando el modo diseño (designMode) para modificar contenidos de páginas en otros dominios. • http://bugs.gentoo.org/show_bug.cgi?id=202770 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://secunia.com/advisories/28169 http://secunia.com/advisories/28290 http://secunia.com/advisories/28314 http://security.gentoo.org/glsa/glsa-200712-22.xml http://www.opera.com/docs/changelogs/linux/925 http://www.opera.com/docs/changelogs/windows/925 http://www.opera.com/support/search/view/875 http://www.securityfocus.com/bid/26937 http:/&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •