9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.105 Low
EPSS
Percentile
95.0%
Opera reports:
When certain parameters are passed to Operaโs History
Search, they can cause content not to be correctly
sanitized. This can allow scripts to be injected into the
History Search results page. Such scripts can then run with
elevated privileges and interact with Operaโs configuration,
allowing them to execute arbitrary code.
The links panel shows links in all frames on the current
page, including links with JavaScript URLs. When a page is
held in a frame, the script is incorrectly executed on the
outermost page, not the page where the URL was located.
This can be used to execute scripts in the context of an
unrelated frame, which allows cross-site scripting.