Cross-site scripting in Opera

Posted: October 8, 2012 in Vulnerabilities
Tags: , , , ,

Opera AlertVulnerability: Cross-site scripting in Opera

Danger: Middle
If the Patch: None
Number of vulnerabilities: 1
Impact: Cross Site Scripting
Affected products: Opera 12.x

Affected versions: Opera 12.02 for Windows, Mac OS and Linux, possibly earlier

Description:

The vulnerability allows malicious people to conduct XSS attacks.

The vulnerability is caused due to insufficient processing data: URL. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an arbitrary site. Example of use:

data: text / html; base64, PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ +

Manufacturer URL: www.opera.com

Solution: The way to eliminate the vulnerability does not exist at present.

links:

https://rdot.org/forum/showthread.php?t=2444

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s