CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16135
https://notcve.org/view.php?id=CVE-2018-16135
The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site. La aplicación Opera Mini 47.1.2249.129326 para Android permite a atacantes remotos falsificar el cuadro de diálogo Permiso de ubicación a través de un sitio web manipulado. • https://payatu.com/advisory/opera-mini-location-permission-spoof- •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23253
https://notcve.org/view.php?id=CVE-2021-23253
Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g. www.safe.opera.com…) The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue. Opera Mini para Android versiones por debajo de 53.1, muestra la URL alineada a la izquierda en el campo de dirección. • https://security.opera.com/address-bar-spoofing-in-opera-mini-opera-security-advisories •