Test ID:	1.3.6.1.4.1.25623.1.0.800651
Category:	General
Title:	Opera Web Browser 'Refresh' Header XSS Vulnerabilities - Windows
Summary:	Opera Web Browser is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: Opera Web Browser is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: Flaw is due to error in Refresh headers in HTTP responses. It does not block javascript: URIs, while injecting a Refresh header or specifying the content of a Refresh header Vulnerability Impact: Successful remote attack could execute arbitrary script code in the context of the user running the application and to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks. Affected Software/OS: Opera version 9.52 and prior on Windows. Solution: Upgrade to Opera version 9.64 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2351 BugTraq ID: 35571 http://www.securityfocus.com/bid/35571 Bugtraq: 20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome (Google Search) http://www.securityfocus.com/archive/1/504718/100/0/threaded Bugtraq: 20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome (Google Search) http://www.securityfocus.com/archive/1/504723/100/0/threaded http://websecurity.com.ua/3275/ http://websecurity.com.ua/3386/
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.