CVE-2007-1115Cross-site Scripting in Browser

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
1.3%
top 20.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opera Browser
Timeline
PublishedFeb 26
Latest updateMay 1

Description

The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDopera/opera_browser6 versions+5

Patches

Patch: www.hardened-php.netPatch: www.hardened-php.net

🔴Vulnerability Details

2
GHSA
GHSA-m2m6-jh3r-mxq5: The child frames in Opera 9 before 92022-05-01
CVEList
CVE-2007-1115: The child frames in Opera 9 before 92007-02-26
CVE-2007-1115 — Cross-site Scripting in Opera Browser | cvebase