CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
91.6%
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected.
Vendor | Product | Version | CPE |
---|---|---|---|
opera | opera_browser | * | cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:* |
opera | opera_browser | 7.0 | cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:* |
opera | opera_browser | 7.23 | cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:* |
opera | opera_browser | 7.53 | cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:* |
opera | opera_browser | 7.54 | cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:* |
opera | opera_browser | 7.60 | cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:* |
opera | opera_browser | 8.0 | cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:* |
opera | opera_browser | 8.01 | cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:* |
opera | opera_browser | 8.02 | cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:* |
opera | opera_browser | 8.50 | cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:* |