3 matches found
CVE-2020-6159
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting XSS attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This...
CVE-2020-6159
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting XSS attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This...
CVE-2020-6159
CVE-2020-6159 affects Opera for Android versions below 61.0.3076.56532. The issue arises when a URL containing javascript: is pasted into the address bar and the protocol removal step can fail, potentially allowing a user to be socially engineered into self-XSS. The provided documents confirm the...