CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
58.7%
Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain.
Vendor | Product | Version | CPE |
---|---|---|---|
opera | opera_browser | 8.0 | cpe:/a:opera:opera_browser:8.0:beta3:: |
opera | opera_browser | 7.0 | cpe:/a:opera:opera_browser:7.0::: |
opera | opera_browser | 5.0 | cpe:/a:opera:opera_browser:5.0:beta6:: |
opera | opera_browser | 5.0 | cpe:/a:opera:opera_browser:5.0:beta5:: |
opera | opera_browser | 7.52 | cpe:/a:opera:opera_browser:7.52::: |
opera | opera_browser | 9.27 | cpe:/a:opera:opera_browser:9.27::: |
opera | opera_browser | 6.0 | cpe:/a:opera:opera_browser:6.0:tp1:: |
opera | opera_browser | 6.03 | cpe:/a:opera:opera_browser:6.03::: |
opera | opera_browser | 9.01 | cpe:/a:opera:opera_browser:9.01::: |
opera | opera_browser | 9.24 | cpe:/a:opera:opera_browser:9.24::: |