Back to search
CVE-2007-1115
Published: Feb 26, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
22701
vdb-entry
x_refsource_BID
32118
vdb-entry
x_refsource_OSVDB
1017909
vdb-entry
x_refsource_SECTRACK
24312
third-party-advisory
x_refsource_SECUNIA
ADV-2007-0745
vdb-entry
x_refsource_VUPEN
25027
third-party-advisory
x_refsource_SECUNIA
http://www.opera.com/support/search/view/855/
x_refsource_CONFIRM
20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
mailing-list
x_refsource_BUGTRAQ
SUSE-SA:2007:028
vendor-advisory
x_refsource_SUSE
http://www.hardened-php.net/advisory_032007.142.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now