CVE-2008-4200 — Improper Input Validation in Browser

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.4MEDIUMNVD

EPSS

1.9%

top 16.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opera Browser

Timeline

PublishedSep 27

Latest updateMay 2

Description

Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDopera/opera_browser9.51+53

Patches

Patch: www.opera.com ↗Patch: www.opera.com ↗Patch: www.opera.com ↗

🔴Vulnerability Details

GHSA

GHSA-g7gq-8xmf-48g9: Opera before 9↗2022-05-02

▶

CVEList

CVE-2008-4200: Opera before 9↗2008-09-27

▶