Skip to main content

Opera Browser CVE-2013-4705

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2013-09-13 vultures@jpcert.or.jp
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 13, 2013 - 14:10 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.

AnalysisAI

Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding. Affected products include: Opera Opera Browser. Version information: before 15.00.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2012-6470 CRITICAL POC
9.3 Jan 02

Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary

CVE-2013-1638 CRITICAL POC
9.3 Feb 08

Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. Rated cri

CVE-2012-3561 CRITICAL
10.0 Jun 14

Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary

CVE-2012-6468 CRITICAL
9.3 Jan 02

Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of

CVE-2013-1637 CRITICAL
9.3 Feb 08

Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. Rated critical se

CVE-2016-4075 MEDIUM POC
6.1 Apr 21

Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related

CVE-2013-3211 CRITICAL
10.0 Apr 19

Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe i

CVE-2012-4145 CRITICAL
10.0 Aug 06

Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X,

CVE-2012-3559 CRITICAL
10.0 Jun 14

Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderat

CVE-2012-6465 CRITICAL
9.3 Jan 02

Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) vi

CVE-2012-3556 CRITICAL
9.3 Jun 14

Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-

CVE-2012-1003 MEDIUM POC
5.0 Feb 07

Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application c

Share

CVE-2013-4705 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy