CVE-2007-1115

Published Feb 26, 2007

Last updated 6 years ago

Overview

Description: The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEA17D3F-A17B-47A6-8066-583F63D11468"
          },
          {
            "criteria": "cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76C58A91-23BA-4336-A81B-B7FDFAF6CA91"
          },
          {
            "criteria": "cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC6E40C4-FA29-4D7A-9018-44154503A68F"
          },
          {
            "criteria": "cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED63C1B5-F52D-4C70-82D3-B427EAF5CF4F"
          },
          {
            "criteria": "cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98E48C83-01AE-4A33-A004-14B99792674C"
          },
          {
            "criteria": "cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B56A2B78-70BD-439B-B1ED-A17FA5EF0990"
          },
          {
            "criteria": "cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "623E4466-82CC-4BDD-BE25-3BB33B585547"
          },
          {
            "criteria": "cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F90E537-5A0F-4302-9CC3-8EE7EB21DD1D"
          },
          {
            "criteria": "cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF0002A4-8A90-471C-9813-F648D53E4F3A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References