VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 19, 2008· Updated Apr 23, 2026

CVE-2008-5682

CVE-2008-5682

Description

Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting in Opera <9.63 allows remote attackers to inject arbitrary script or HTML via built-in XSLT templates.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in Opera web browser versions prior to 9.63. The flaw is located in the handling of built-in XSLT templates, which allows an attacker to inject arbitrary web script or HTML. The vulnerable code path is reachable when a user visits a malicious web page that triggers the XSLT processing [1] [2].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious web page that contains specially constructed XSLT content. The victim must simply browse to the attacker-controlled page using a vulnerable version of Opera. No additional privileges or user interaction beyond normal browsing is required [1] [3].

Impact

Successful exploitation results in arbitrary script execution in the context of the user's browser session, potentially leading to information disclosure, session hijacking, or other client-side attacks. The attacker achieves the same level of access as the legitimate web page loaded in the browser [3].

Mitigation

The vulnerability was fixed in Opera version 9.63, released on December 16, 2008. Users should upgrade to Opera 9.63 or later. For Linux Gentoo users, version 9.64 was made available. No known workarounds exist [1] [2] [3].

References
  1. Browser Problems? We can help you! | Help & FAQ | Opera
  2. Get to know Opera
  3. Multiple vulnerabilities (GLSA 200903-30) — Gentoo security

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

115
  • Opera/Opera Browser114 versions
    cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*+ 113 more
    • cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*range: <=9.62
    • cpe:2.3:a:opera:opera_browser:1.00:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:2.00:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:2.12:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:3.00:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:3.00:beta:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:3.21:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:3.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:3.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:3.60:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:3.61:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:3.62:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:3.62:beta:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:4.00:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:4.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:4.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.24:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.25:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.26:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.27:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.50:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.50:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.60:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.60:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.61:*:*:*:*:*:*:*
  • Opera/Operallm-fuzzy
    Range: <9.63

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.