CVE-2012-1926

Sažetak

Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00012.html
http://osvdb.org/80622
http://secunia.com/advisories/48535
http://www.opera.com/docs/changelogs/mac/1162/
http://www.opera.com/docs/changelogs/unix/1162/
http://www.opera.com/docs/changelogs/windows/1162/
http://www.opera.com/support/kb/view/1012/
https://exchange.xforce.ibmcloud.com/vulnerabilities/74351

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

06-01-2018 - 02:29

Objavljeno

28-03-2012 - 03:22