CVE-2009-2351
CVSS v2.0
4.3 (Medium)
EPSS
0.41 % (74th)
Affected Products
1
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected.
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related CVEs
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2009-07-07 23:30:00
(15 years ago) - Updated Date
-
2018-10-30 16:26:33
(5 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...