The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.
Max CVSS: 4.3 | EPSS Score: 0.30% | Published: 2003-12-31 | Updated: 2022-03-01
Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.
Max CVSS: 4.3 | EPSS Score: 0.18% | Published: 2003-12-31 | Updated: 2022-02-24
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
Max CVSS: 4.3 | EPSS Score: 0.26% | Published: 2003-12-31 | Updated: 2009-01-29
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
Max CVSS: 4.0 | EPSS Score: 0.22% | Published: 2004-12-31 | Updated: 2022-02-28
Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI.
Max CVSS: 4.3 | EPSS Score: 0.48% | Published: 2005-08-01 | Updated: 2022-02-28
Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
Max CVSS: 4.3 | EPSS Score: 0.22% | Published: 2007-01-29 | Updated: 2018-10-30
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
Max CVSS: 4.3 | EPSS Score: 2.75% | Published: 2007-02-26 | Updated: 2018-10-16
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.
Max CVSS: 4.3 | EPSS Score: 0.18% | Published: 2007-10-08 | Updated: 2022-03-01
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.
Max CVSS: 4.3 | EPSS Score: 0.76% | Published: 2007-12-24 | Updated: 2017-08-08
The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.
Max CVSS: 4.3 | EPSS Score: 0.49% | Published: 2007-12-24 | Updated: 2017-08-08
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation.
Max CVSS: 4.3 | EPSS Score: 0.31% | Published: 2008-02-29 | Updated: 2012-06-07
Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 0.32% | Published: 2008-09-27 | Updated: 2011-02-01

CVE-2008-4696

Public exploit
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
Max CVSS: 4.3 | EPSS Score: 85.75% | Published: 2008-10-23 | Updated: 2018-10-11
The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Max CVSS: 4.3 | EPSS Score: 0.47% | Published: 2008-10-23 | Updated: 2017-08-08
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60.
Max CVSS: 4.3 | EPSS Score: 0.34% | Published: 2008-10-23 | Updated: 2018-10-11
The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.
Max CVSS: 4.3 | EPSS Score: 34.43% | Published: 2008-10-30 | Updated: 2017-08-08
Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
Max CVSS: 4.3 | EPSS Score: 0.69% | Published: 2008-12-11 | Updated: 2018-10-11
Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.
Max CVSS: 4.3 | EPSS Score: 0.49% | Published: 2008-12-19 | Updated: 2012-06-07
Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.
Max CVSS: 4.3 | EPSS Score: 0.25% | Published: 2008-12-19 | Updated: 2012-06-07
Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.
Max CVSS: 4.3 | EPSS Score: 1.83% | Published: 2009-04-02 | Updated: 2017-09-29
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected.
Max CVSS: 4.3 | EPSS Score: 0.41% | Published: 2009-07-07 | Updated: 2018-10-30
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Max CVSS: 4.3 | EPSS Score: 2.37% | Published: 2009-07-20 | Updated: 2024-02-02
Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site.
Max CVSS: 4.3 | EPSS Score: 0.20% | Published: 2009-08-31 | Updated: 2018-10-30
Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.
Max CVSS: 4.3 | EPSS Score: 0.65% | Published: 2009-09-02 | Updated: 2018-10-30
Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."
Max CVSS: 4.3 | EPSS Score: 0.55% | Published: 2009-09-02 | Updated: 2017-09-19
79 vulnerabilities found