Script injection in feed preview can reveal contents of unrelated news feeds

2008-12-15T00:00:00
ID OPERA:923
Type opera
Reporter Opera
Modified 2008-12-15T00:00:00

Description

When Opera is previewing a news feed, some scripted URLs are not correctly blocked. These can execute scripts which are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information.