CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6159
https://notcve.org/view.php?id=CVE-2020-6159
23 Dec 2020 — URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532. Las URL que usan "javascript:" tienen el protocolo removido cuando se pegaban en la barra de direcciones para proteger a usuarios de ataques d... • https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19788
https://notcve.org/view.php?id=CVE-2019-19788
18 Dec 2019 — Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context. Opera para Android versiones anteriores a 54.0.2669.49432, es vulnerable a un ataque de omisión de iframe de origen cruzado dentro del sandbox. Al utilizar un servicio que funciona dentr... • https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 2CVE-2010-5227 – Opera 10.61 - 'dwmapi.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-5227
07 Sep 2012 — Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en Opera anterior a v10.62 permite a usuarios locales obtener privilegios a través de un archivo dwmapi.dll caballo de troya en el di... • https://www.exploit-db.com/exploits/14732 •
CVSS: 6.8EPSS: 0%CPEs: 75EXPL: 0CVE-2009-2068
https://notcve.org/view.php?id=CVE-2009-2068
15 Jun 2009 — Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." Google Chrome detecta contenido http en páginas https únicamente cuando el marco (frame) de nivel superior usa https, lo que permite a atacantes "hombre... • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 4%CPEs: 97EXPL: 0CVE-2008-5679
https://notcve.org/view.php?id=CVE-2008-5679
19 Dec 2008 — The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. El motor de análisis HTML en versiones de Opera anteriores a la 9.63 permite a atacantes remotos ejecutar código arbitrario a través de páginas web convenientemente modificadas ocasionando un calculo de puntero inválido y la corrupción del montículo (heap). • http://secunia.com/advisories/34294 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 8%CPEs: 73EXPL: 1CVE-2008-4794
https://notcve.org/view.php?id=CVE-2008-4794
30 Oct 2008 — Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696. Opera antes de v9.62 permite a atacantes remotos ejecutar comandos de su elección mediante la página de resultados Search History, una vulnerabilidad distinta a CVE-2008-4696. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 14%CPEs: 73EXPL: 2CVE-2008-4795 – Opera Web Browser 9.x - History Search and Links Panel Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4795
30 Oct 2008 — The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks. El panel de enlaces en Opera antes de v9.62 procesa el JavaScript dentro del contexto de la "última página" de un marco, lo que permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante ataques de secuencias de comandos en sitios cruzados (XSS) • https://www.exploit-db.com/exploits/32548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 14%CPEs: 79EXPL: 0CVE-2008-4695
https://notcve.org/view.php?id=CVE-2008-4695
23 Oct 2008 — Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context. Opera versiones anteriores a v9.60 permite a atacantes remotos obtener información sensible y tener otros impactos desconocidos prediciendo la ruta de la caché de un applet de Java cacheado y entonces lanzar este applet desde la caché, ll... • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 80%CPEs: 74EXPL: 4CVE-2008-4696 – Opera 9.50/9.61 historysearch - Command Execution
https://notcve.org/view.php?id=CVE-2008-4696
23 Oct 2008 — Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Opera.dll de Opera versiones anteriores a v9.61 permite a atacantes remotos inyectar web script o HTML a través de identificadores ancla (también conocido com... • https://www.exploit-db.com/exploits/9944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 8%CPEs: 73EXPL: 0CVE-2008-4293
https://notcve.org/view.php?id=CVE-2008-4293
27 Sep 2008 — Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications. Vulnerabilidad no especificada en Opera antes de v9.52 para Windows, cuando se registra como un manejador del protocolo, permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos en los cuales se ejecuta Opera a ... • http://secunia.com/advisories/31549 •