CVE-2012-1926

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 28-03-2012 05:22

Last modified: - 06-10-2022 02:13

Total changes: - 2

Description

Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

Reference

http://www.opera.com/docs/changelogs/unix/1162/
http://www.opera.com/docs/changelogs/mac/1162/
http://www.opera.com/support/kb/view/1012/
http://www.opera.com/docs/changelogs/windows/1162/
48535-
openSUSE-SU-2012:0610-
opera-historypushstate-info-disclosure(74351)-
80622-

Keywords

CVE-2012-1926

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2012-1926

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures