CVE-2008-4696 [Medium] | XSS in Opera

CVE-2008-4696 is rated High Exploit Risk (62.6/100): CVSS Medium severity, with high exploitation likelihood (EPSS 62.12%, 98th percentile). 4 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

EDB-ID	Source	Kind	Published	Link
16304	exploit_db	edb	2010-11-11	Exploit-DB ↗
9944	exploit_db	edb	2008-10-23	Exploit-DB ↗
6801	exploit_db	edb	2008-10-22	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

16304

exploit_db

edb

2010-11-11

Exploit-DB ↗

9944

exploit_db

edb

2008-10-23

Exploit-DB ↗

6801

exploit_db

edb

2008-10-22

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-03-30	66.08%	62.12%	-3.96%
2	2025-03-29	62.12%	66.08%	+3.96%
3	2025-03-17	—	62.12%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-03-30

66.08%

62.12%

-3.96%

2025-03-29

62.12%

66.08%

+3.96%

2025-03-17

—

62.12%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.3	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:N/I:P/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	8.6	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.3

2.0

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:N): No availability impact.

8.6

2.9

[email protected]

OS Trackers for CVE-2008-4696

vendor	priority	summary	link
`gentoo`	normal	CVE-2008-4696: 1 GLSA(s) (200811-01), 1 atom(s) (www-client/opera); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2008-4696
`ubuntu`	low	CVE-2008-4696 low priority: Ubuntu including 1 source packages (opera), 5 status rows across 5 suites (dapper, gutsy, hardy, intrepid, upstream): DNE 4, released 1.	https://ubuntu.com/security/CVE-2008-4696

Affected software / configurations for CVE-2008-4696

Vendor	Product	Version	Raw CPE
opera	opera	—	cpe:2.3:a:opera:opera::::::::
opera	opera	<= 9.6	cpe:2.3:a:opera:opera::::::::
opera	opera	5..10	cpe:2.3:a:opera:opera:5..10:::::::*
opera	opera	5.0	cpe:2.3:a:opera:opera:5.0:::::::*
opera	opera	5.1	cpe:2.3:a:opera:opera:5.1:::::::*
opera	opera	5.2	cpe:2.3:a:opera:opera:5.2:::::::*
opera	opera	5.3	cpe:2.3:a:opera:opera:5.3:::::::*
opera	opera	5.4	cpe:2.3:a:opera:opera:5.4:::::::*
opera	opera	5.5	cpe:2.3:a:opera:opera:5.5:::::::*
opera	opera	5.6	cpe:2.3:a:opera:opera:5.6:::::::*
opera	opera	5.7	cpe:2.3:a:opera:opera:5.7:::::::*
opera	opera	5.8	cpe:2.3:a:opera:opera:5.8:::::::*
opera	opera	5.9	cpe:2.3:a:opera:opera:5.9:::::::*
opera	opera	5.11	cpe:2.3:a:opera:opera:5.11:::::::*
opera	opera	5.12	cpe:2.3:a:opera:opera:5.12:::::::*
opera	opera	6	cpe:2.3:a:opera:opera:6:beta_1::::::
opera	opera	6.0	cpe:2.3:a:opera:opera:6.0:::::::*
opera	opera	6.01	cpe:2.3:a:opera:opera:6.01:::::::*
opera	opera	6.02	cpe:2.3:a:opera:opera:6.02:::::::*
opera	opera	6.03	cpe:2.3:a:opera:opera:6.03:::::::*
opera	opera	6.04	cpe:2.3:a:opera:opera:6.04:::::::*
opera	opera	6.05	cpe:2.3:a:opera:opera:6.05:::::::*
opera	opera	6.06	cpe:2.3:a:opera:opera:6.06:::::::*
opera	opera	7	cpe:2.3:a:opera:opera:7:beta_1::::::
opera	opera	7	cpe:2.3:a:opera:opera:7:beta_1.2::::::
opera	opera	7.0	cpe:2.3:a:opera:opera:7.0:::::::*
opera	opera	7.0	cpe:2.3:a:opera:opera:7.0:beta_2::::::
opera	opera	7.01	cpe:2.3:a:opera:opera:7.01:::::::*
opera	opera	7.02	cpe:2.3:a:opera:opera:7.02:::::::*
opera	opera	7.03	cpe:2.3:a:opera:opera:7.03:::::::*
opera	opera	7.10	cpe:2.3:a:opera:opera:7.10:::::::*
opera	opera	7.11	cpe:2.3:a:opera:opera:7.11:::::::*
opera	opera	7.20	cpe:2.3:a:opera:opera:7.20:::::::*
opera	opera	7.20	cpe:2.3:a:opera:opera:7.20:beta7::::::
opera	opera	7.21	cpe:2.3:a:opera:opera:7.21:::::::*
opera	opera	7.22	cpe:2.3:a:opera:opera:7.22:::::::*
opera	opera	7.23	cpe:2.3:a:opera:opera:7.23:::::::*
opera	opera	7.50	cpe:2.3:a:opera:opera:7.50:::::::*
opera	opera	7.50	cpe:2.3:a:opera:opera:7.50:beta_1::::::
opera	opera	7.51	cpe:2.3:a:opera:opera:7.51:::::::*
opera	opera	7.52	cpe:2.3:a:opera:opera:7.52:::::::*
opera	opera	7.53	cpe:2.3:a:opera:opera:7.53:::::::*
opera	opera	7.54	cpe:2.3:a:opera:opera:7.54:::::::*
opera	opera	7.54	cpe:2.3:a:opera:opera:7.54:update_1::::::
opera	opera	7.54	cpe:2.3:a:opera:opera:7.54:update_2::::::
opera	opera	8.0	cpe:2.3:a:opera:opera:8.0:::::::*
opera	opera	8.0	cpe:2.3:a:opera:opera:8.0:beta_1::::::
opera	opera	8.0	cpe:2.3:a:opera:opera:8.0:beta_2::::::
opera	opera	8.0	cpe:2.3:a:opera:opera:8.0:beta_3::::::
opera	opera	8.01	cpe:2.3:a:opera:opera:8.01:::::::*
opera	opera	8.02	cpe:2.3:a:opera:opera:8.02:::::::*
opera	opera	8.50	cpe:2.3:a:opera:opera:8.50:::::::*
opera	opera	8.51	cpe:2.3:a:opera:opera:8.51:::::::*
opera	opera	8.52	cpe:2.3:a:opera:opera:8.52:::::::*
opera	opera	8.53	cpe:2.3:a:opera:opera:8.53:::::::*
opera	opera	8.54	cpe:2.3:a:opera:opera:8.54:::::::*
opera	opera	9.0	cpe:2.3:a:opera:opera:9.0:::::::*
opera	opera	9.0	cpe:2.3:a:opera:opera:9.0:beta_1::::::
opera	opera	9.0	cpe:2.3:a:opera:opera:9.0:beta_2::::::
opera	opera	9.01	cpe:2.3:a:opera:opera:9.01:::::::*
opera	opera	9.02	cpe:2.3:a:opera:opera:9.02:::::::*
opera	opera	9.10	cpe:2.3:a:opera:opera:9.10:::::::*
opera	opera	9.20	cpe:2.3:a:opera:opera:9.20:::::::*
opera	opera	9.20	cpe:2.3:a:opera:opera:9.20:beta_1::::::
opera	opera	9.21	cpe:2.3:a:opera:opera:9.21:::::::*
opera	opera	9.22	cpe:2.3:a:opera:opera:9.22:::::::*
opera	opera	9.23	cpe:2.3:a:opera:opera:9.23:::::::*
opera	opera	9.24	cpe:2.3:a:opera:opera:9.24:::::::*
opera	opera	9.25	cpe:2.3:a:opera:opera:9.25:::::::*
opera	opera	9.26	cpe:2.3:a:opera:opera:9.26:::::::*
opera	opera	9.27	cpe:2.3:a:opera:opera:9.27:::::::*
opera	opera	9.50	cpe:2.3:a:opera:opera:9.50:::::::*
opera	opera	9.50	cpe:2.3:a:opera:opera:9.50:beta_2::::::
opera	opera	9.51	cpe:2.3:a:opera:opera:9.51:::::::*

References for CVE-2008-4696

URL	Tags
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html
http://secunia.com/advisories/32299	Vendor Advisory
http://secunia.com/advisories/32394
http://secunia.com/advisories/32538
http://security.gentoo.org/glsa/glsa-200811-01.xml
http://securityreason.com/securityalert/4504
http://www.openwall.com/lists/oss-security/2008/10/21/6
http://www.openwall.com/lists/oss-security/2008/10/22/5
http://www.opera.com/docs/changelogs/freebsd/961/	Patch
http://www.opera.com/docs/changelogs/linux/961/	Patch
http://www.opera.com/docs/changelogs/mac/961/	Patch
http://www.opera.com/docs/changelogs/solaris/961/
http://www.opera.com/docs/changelogs/windows/961/
http://www.opera.com/support/search/view/903/	Vendor Advisory
http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf
http://www.securityfocus.com/archive/1/497646/100/0/threaded
http://www.securityfocus.com/bid/31869	Exploit Patch
http://www.vupen.com/english/advisories/2008/2873
https://exchange.xforce.ibmcloud.com/vulnerabilities/46003
https://www.exploit-db.com/exploits/6801

URL

CVE-2008-4696

Public exploit references (Exploit-DB) for CVE-2008-4696

Exploit prediction scoring system (EPSS) score for CVE-2008-4696

Common vulnerability scoring system (CVSS) metrics for CVE-2008-4696

Weakness enumeration for CVE-2008-4696

OS Trackers for CVE-2008-4696

Affected software / configurations for CVE-2008-4696

References for CVE-2008-4696