Vulnerability Name:

CVE-2007-6522 (CCN-39162)

Assigned:2007-12-19
Published:2007-12-19
Updated:2017-08-08
Summary:The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Bypass Security
References:Source: MISC
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=202770

Source: MITRE
Type: CNA
CVE-2007-6522

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:001

Source: CCN
Type: SA28169
Opera Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
28169

Source: SECUNIA
Type: UNKNOWN
28290

Source: SECUNIA
Type: UNKNOWN
28314

Source: GENTOO
Type: UNKNOWN
GLSA-200712-22

Source: CCN
Type: SECTRACK ID: 1019131
Opera Bugs Permit Code Execution and Cross-Domain Scripting Attacks

Source: CCN
Type: GLSA-200712-22
Opera: Multiple vulnerabilities

Source: CONFIRM
Type: Patch
http://www.opera.com/docs/changelogs/linux/925/

Source: CONFIRM
Type: Patch
http://www.opera.com/docs/changelogs/windows/925/

Source: CCN
Type: Opera Web site
Changelog for Opera 9.25 for Windows

Source: CCN
Type: Opera Software Knowledge Base Article 875
Advisory: Rich editing allows cross domain scripting

Source: CONFIRM
Type: UNKNOWN
http://www.opera.com/support/search/view/875/

Source: CCN
Type: OSVDB ID: 42693
Opera Rich Text Editing Functionality designMode Cross-domain Scripting

Source: BID
Type: UNKNOWN
26937

Source: CCN
Type: BID-26937
Opera Web Browser Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1019131

Source: VUPEN
Type: UNKNOWN
ADV-2007-4261

Source: XF
Type: UNKNOWN
opera-plugins-security-bypass(39147)

Source: XF
Type: UNKNOWN
opera-richtext-security-bypass(39162)

Source: SUSE
Type: SUSE-SA:2008:001
Opera 9.25 security update

Vulnerable Configuration:Configuration 1:
  • cpe:/a:opera:opera_browser:1.00:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.00:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.12:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.00:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.00:beta:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.21:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.50:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.51:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.60:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.61:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.62:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.62:beta:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.03:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.04:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.05:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.06:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.11:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.12:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.03:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.11:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.20:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.21:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.22:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.23:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.50:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.51:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.52:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.53:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.54:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.54:update1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.54:update2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.60:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.50:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.51:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.52:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.53:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.54:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.12:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.20:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.21:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.22:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.23:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:*:*:*:*:*:*:*:* (Version <= 9.24)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20076522
    V
    		CVE-2007-6522
    2015-11-16
    BACK
    opera opera browser 1.00
    opera opera browser 2.00
    opera opera browser 2.10
    opera opera browser 2.10 beta1
    opera opera browser 2.10 beta2
    opera opera browser 2.10 beta3
    opera opera browser 2.12
    opera opera browser 3.00
    opera opera browser 3.00 beta
    opera opera browser 3.10
    opera opera browser 3.21
    opera opera browser 3.50
    opera opera browser 3.51
    opera opera browser 3.60
    opera opera browser 3.61
    opera opera browser 3.62
    opera opera browser 3.62 beta
    opera opera browser 4.00
    opera opera browser 4.00 beta2
    opera opera browser 4.00 beta3
    opera opera browser 4.00 beta4
    opera opera browser 4.00 beta5
    opera opera browser 4.00 beta6
    opera opera browser 4.01
    opera opera browser 4.02
    opera opera browser 5.0
    opera opera browser 5.0 beta2
    opera opera browser 5.0 beta3
    opera opera browser 5.0 beta4
    opera opera browser 5.0 beta5
    opera opera browser 5.0 beta6
    opera opera browser 5.0 beta7
    opera opera browser 5.0 beta8
    opera opera browser 5.02
    opera opera browser 5.10
    opera opera browser 5.11
    opera opera browser 5.12
    opera opera browser 6.0
    opera opera browser 6.0 beta1
    opera opera browser 6.0 beta2
    opera opera browser 6.0 tp1
    opera opera browser 6.0 tp2
    opera opera browser 6.0 tp3
    opera opera browser 6.01
    opera opera browser 6.1
    opera opera browser 6.1 beta1
    opera opera browser 6.02
    opera opera browser 6.03
    opera opera browser 6.04
    opera opera browser 6.05
    opera opera browser 6.06
    opera opera browser 6.11
    opera opera browser 6.12
    opera opera browser 7.0
    opera opera browser 7.0 beta1
    opera opera browser 7.0 beta1_v2
    opera opera browser 7.0 beta2
    opera opera browser 7.01
    opera opera browser 7.02
    opera opera browser 7.03
    opera opera browser 7.10
    opera opera browser 7.10 beta1
    opera opera browser 7.11
    opera opera browser 7.11 beta2
    opera opera browser 7.20
    opera opera browser 7.20 beta7
    opera opera browser 7.21
    opera opera browser 7.22
    opera opera browser 7.23
    opera opera browser 7.50
    opera opera browser 7.50 beta1
    opera opera browser 7.51
    opera opera browser 7.52
    opera opera browser 7.53
    opera opera browser 7.54
    opera opera browser 7.54 update1
    opera opera browser 7.54 update2
    opera opera browser 7.60
    opera opera browser 8.0
    opera opera browser 8.0 beta1
    opera opera browser 8.0 beta2
    opera opera browser 8.0 beta3
    opera opera browser 8.01
    opera opera browser 8.02
    opera opera browser 8.50
    opera opera browser 8.51
    opera opera browser 8.52
    opera opera browser 8.53
    opera opera browser 8.54
    opera opera browser 9.0
    opera opera browser 9.0 beta1
    opera opera browser 9.0 beta2
    opera opera browser 9.01
    opera opera browser 9.02
    opera opera browser 9.10
    opera opera browser 9.12
    opera opera browser 9.20
    opera opera browser 9.20 beta1
    opera opera browser 9.21
    opera opera browser 9.22
    opera opera browser 9.23
    opera opera browser *