CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6159
https://notcve.org/view.php?id=CVE-2020-6159
23 Dec 2020 — URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532. Las URL que usan "javascript:" tienen el protocolo removido cuando se pegaban en la barra de direcciones para proteger a usuarios de ataques d... • https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19788
https://notcve.org/view.php?id=CVE-2019-19788
18 Dec 2019 — Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context. Opera para Android versiones anteriores a 54.0.2669.49432, es vulnerable a un ataque de omisión de iframe de origen cruzado dentro del sandbox. Al utilizar un servicio que funciona dentr... • https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories •
CVSS: 6.1EPSS: 0%CPEs: 174EXPL: 0CVE-2013-4705
https://notcve.org/view.php?id=CVE-2013-4705
13 Sep 2013 — Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding. Vulnerabilidad Cross-site scripting (XSS) en Opera anterior a v15.00 que permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias aprovechamiento la codificación UTF-8. • http://jvn.jp/en/jp/JVN01094166/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 176EXPL: 0CVE-2013-3210
https://notcve.org/view.php?id=CVE-2013-3210
19 Apr 2013 — Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain. Opera antes de v12.15 no bloquea adecuadamente dominios de nivel superior en los encabezados Set-Cookie, lo que permite a atacantes remotos obtener información sensible mediante el aprovechamiento de control de un sitio web diferente en el mismo dominio de nivel superior. • http://www.opera.com/docs/changelogs/unified/1215 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 173EXPL: 0CVE-2013-3211
https://notcve.org/view.php?id=CVE-2013-3211
19 Apr 2013 — Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue." Vulnerabilidad no especificada en Opera antes de v12.15 tiene un impacto y vectores de ataque desconocidos, relacionado con un "problema de moderada severidad". • http://www.opera.com/docs/changelogs/unified/1215 •
CVSS: 8.8EPSS: 0%CPEs: 165EXPL: 0CVE-2012-6460
https://notcve.org/view.php?id=CVE-2012-6460
02 Jan 2013 — Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site. Opera v11.67 y anteriores y v12.x antes de v12.02, permite a atacantes remotos provocar el truncamiento de un diálogo, y posiblemente provocar la descarga y ejecución de programas de su elección, a través de un sitio web diseñado para tal fin. • http://www.opera.com/docs/changelogs/unified/1202 •
CVSS: 7.5EPSS: 0%CPEs: 167EXPL: 0CVE-2012-6461 – Gentoo Linux Security Advisory 201406-14
https://notcve.org/view.php?id=CVE-2012-6461
02 Jan 2013 — The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service. La funcionalidad de validación de certificado X.509 en la implementación de https en Opera antes de v12.10 permite a atacantes remotos provocar una falsa indicación de comprobación exitosa causando un fallo de un servicio de control simple. Multiple vulnerabilities hav... • http://www.opera.com/docs/changelogs/unified/1210 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 167EXPL: 0CVE-2012-6462 – Gentoo Linux Security Advisory 201406-14
https://notcve.org/view.php?id=CVE-2012-6462
02 Jan 2013 — Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request. Opera antes de v12.10 no implementa correctamente la especificición de compartición de recursos de origen cruzado (Cross-Origin Resource Sharing - CORS), la cual permite a atacantes remotos evitar restricciones de acceso a contenidos de páginas a través de una petición hecha a mano. Multiple vulnerabilities ha... • http://www.opera.com/docs/changelogs/unified/1210 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 167EXPL: 0CVE-2012-6463 – Gentoo Linux Security Advisory 201406-14
https://notcve.org/view.php?id=CVE-2012-6463
02 Jan 2013 — Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Opera antes de v12.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados que involucran una secuencia de carga de documentos y carga de URLs del tipo 'data:' .... • http://www.opera.com/docs/changelogs/unified/1210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 167EXPL: 0CVE-2012-6464 – Gentoo Linux Security Advisory 201406-14
https://notcve.org/view.php?id=CVE-2012-6464
02 Jan 2013 — Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Opera antes de v12.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través código JavaScript que reemplaza los métodos de objetos nativos no especificados en los do... • http://www.opera.com/docs/changelogs/unified/1210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •