Vulnerability Name: CCN-11240
Published: 2003-02-04
Updated: 2003-02-04
Summary: Opera is vulnerable to cross-site scripting, caused by improper filtering of HTML tags from the path to an image file when the file:// directive is used. A remote attacker could create a Web page that uses the file:// directive to refer to an image file on the user's local system, with malicious script code contained in the path to that file; the script would be executed within the security context of the victim. An attacker could use this vulnerability to read files, directories, and possibly emails on the victim's computer, once the victim browses to the malicious Web page.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
    2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Consequences: Obtain Information
References:
    Source: CCN Type: BugTraq Mailing List, Tue Feb 04 2003 - 16:04:53 CST Re: Opera: What's Next (GM#005-OP)
    Source: CCN Type: BugTraq Mailing List, Wed Feb 05 2003 - 04:22:10 CST RE: Opera: What's Next (GM#005-OP)
    Source: CCN Type: GreyMagic Security Advisory GM#004-OP Opera Images.
    Source: CCN Type: Opera Web site Opera Software - The Best Internet Experience
    Source: CCN Type: BID-6756 Opera Image Rendering HTML Injection Vulnerability
    Source: XF Type: UNKNOWN opera-image-file-xss(11240)
Vulnerable Configuration: Configuration CCN 1: Denotes that component is vulnerable