Opera < 7.55.0 Cross-Domain Dialog Box Spoofing

Low Nessus Network Monitor Plugin ID 2373

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host is using a version of Opera that is prone to a security flaw where a malicious website can spoof a cross-domain dialog box that may entice the local user to enter information based on the bogus domain. For example, if the malicious website were to spoof a trusted domain, the user may enter confidential information into the dialog box. These sort of exploits are commonly referred to as 'Phishing' scams.

Solution

Install Opera 7.55.0 or higher.

Plugin Details

Severity: Low

ID: 2373

File Name: 2373.prm

Family: Web Clients

Published: 2004/11/01

Modified: 2016/12/06

Dependencies: 1735, 8314

Risk Information

Risk Factor: Low

CVSSv2

Base Score: 2.6

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 3.6

Temporal Score: 3.6

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:opera:opera_browser

Reference Information

BID: 11475