CVE-2009-4071 — Cross-site Scripting in Browser

CWE-163 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

0.8%

top 26.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opera Browser

Timeline

PublishedNov 24

Latest updateMay 2

Description

Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDopera/opera_browser10.10+27

Patches

Patch: www.opera.com ↗Patch: www.opera.com ↗Patch: www.opera.com ↗

🔴Vulnerability Details

GHSA

GHSA-f383-hh72-jgh8: Opera before 10↗2022-05-02

▶

CVEList

CVE-2009-4071: Opera before 10↗2009-11-24

▶