CVE-2004-2570

CVSS V2 Medium 5 CVSS V3 None
Description
Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user.
Overview
  • CVE ID
  • CVE-2004-2570
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2004-12-31T05:00:00
  • Last Modified Date
  • 2022-02-28T18:29:54
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:* 1 OR 7.54
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0131.html Broken Link
http://www.greymagic.com/security/advisories/gm008-op/ Broken Link Exploit Vendor Advisory
http://www.opera.com/docs/changelogs/windows/754/ Broken Link Patch
http://www.gentoo.org/security/en/glsa/glsa-200408-05.xml Patch Third Party Advisory
http://www.securityfocus.com/bid/10873 Broken Link Patch Third Party Advisory VDB Entry
http://osvdb.org/8331 Broken Link
http://secunia.com/advisories/12233 Broken Link Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16904 Third Party Advisory VDB Entry
History
Created Old Value New Value Data Type Notes
2022-05-10 15:48:21 Added to TrackCVE