URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-12-23
Updated
2020-12-23
The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.
Max CVSS
4.3
EPSS Score
34.43%
Published
2008-10-30
Updated
2017-08-08
CVE-2008-4696
Public exploit
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
Max CVSS
4.3
EPSS Score
85.75%
Published
2008-10-23
Updated
2018-10-11
3 vulnerabilities found