CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
82.4%
Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.
Vendor | Product | Version | CPE |
---|---|---|---|
opera | opera_browser | 7.0 | cpe:/a:opera:opera_browser:7.0::: |
opera | opera_browser | 6.06 | cpe:/a:opera:opera_browser:6.06::: |
opera | opera_browser | 9.50 | cpe:/a:opera:opera_browser:9.50::: |
opera | opera_browser | 9.01 | cpe:/a:opera:opera_browser:9.01::: |
opera | opera_browser | 7.51 | cpe:/a:opera:opera_browser:7.51::: |
opera | opera_browser | 8.0 | cpe:/a:opera:opera_browser:8.0:beta3:: |
opera | opera_browser | 7.21 | cpe:/a:opera:opera_browser:7.21::: |
opera | opera_browser | 10.00 | cpe:/a:opera:opera_browser:10.00::: |
opera | opera_browser | 9.24 | cpe:/a:opera:opera_browser:9.24::: |
opera | opera_browser | 7.0 | cpe:/a:opera:opera_browser:7.0:beta1_v2:: |
lists.opensuse.org/opensuse-security-announce/2012-05/msg00012.html
osvdb.org/80622
secunia.com/advisories/48535
www.opera.com/docs/changelogs/mac/1162/
www.opera.com/docs/changelogs/unix/1162/
www.opera.com/docs/changelogs/windows/1162/
www.opera.com/support/kb/view/1012/
exchange.xforce.ibmcloud.com/vulnerabilities/74351