Vulnerability Details : CVE-2004-2260
Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.
Products affected by CVE-2004-2260
- cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2260
0.92%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2260
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2004-2260
-
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-2260
-
http://secunia.com/secunia_research/2004-2/advisory/
Broken Link;Vendor Advisory
-
http://www.osvdb.org/6108
Broken Link;Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/16131
Third Party Advisory;VDB Entry
-
http://secunia.com/advisories/11532
Broken Link;Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/10337
Broken Link;Patch;Third Party Advisory;VDB Entry
Jump to