Page 49 of 271 results (0.017 seconds)

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0

Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." • http://secunia.com/advisories/15488 http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test http://secunia.com/secunia_research/2005-8 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. • http://secunia.com/advisories/15008 http://secunia.com/secunia_research/2005-4/advisory http://www.securityfocus.com/bid/13970 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. • http://secunia.com/advisories/15411 http://secunia.com/secunia_research/2005-5/advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks. • http://www.geotrust.com/resources/advisory/sslorg/index.htm http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm http://www.novell.com/linux/security/advisories/2005_31_opera.html http://www.securityfocus.com/bid/13176 https://exchange.xforce.ibmcloud.com/vulnerabilities/40503 •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. • http://bugs.gentoo.org/show_bug.cgi?id=81747 http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml • CWE-427: Uncontrolled Search Path Element •