vendor: Opera
by: SecurityFocus
CVSS: 7.5 HIGH
HTML Injection
CWE: 79
Product Name: Opera
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Opera HTML Injection Vulnerability

It has been reported that, when generating HTML to display images or embedded media, Opera does not correctly format the provided URL or sufficiently encode URLs to local files. As a result of this lack of sanitization, Opera is vulnerable to HTML injection attacks when handling local image or media files.

Mitigation:

Ensure that all user-supplied input is properly sanitized and encoded before being used in HTML output.
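
The following is an added example, not Opera's code and not part of the original advisory: a hypothetical generator for the wrapper page a browser builds around an image URL, shown with the unencoded concatenation beside a version that percent-encodes the URL and HTML-escapes it for the attribute. All function names are assumptions; the test URL is the one from the proof of concept in the raw data on this page.

```javascript
// Added illustration: hypothetical viewer-page generator (names are assumptions).

// Weak pattern: the URL is concatenated into the attribute unchanged,
// so a double quote inside it terminates the src attribute early.
function renderImagePageUnsafe(url) {
  return '<html><body><img src="' + url + '"></body></html>';
}

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtmlAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: two layers, each for its own context.
function renderImagePageSafe(url) {
  // 1. URL context: encodeURI keeps delimiters (: / ? & =) but encodes
  //    the double quote, <, > and spaces. It also re-encodes "%", so pass
  //    it a raw URL, not one that is already percent-encoded.
  const encoded = encodeURI(url);
  // 2. HTML attribute context: escape what is left (for example "&").
  return '<html><body><img src="' + escapeHtmlAttr(encoded) + '"></body></html>';
}

// Simple check used below: does the generated markup contain a script tag?
function hasInjectedScript(html) {
  return /<script/i.test(html);
}

// URL from the proof of concept quoted on this page.
const pocUrl =
  'file://localhost/images/file.gif?"><script>alert(location.href);</script>';

console.log("unsafe output contains <script>:",
  hasInjectedScript(renderImagePageUnsafe(pocUrl)));
console.log("safe output contains <script>:",
  hasInjectedScript(renderImagePageSafe(pocUrl)));
console.log(renderImagePageSafe(pocUrl));
```

Both layers matter: percent-encoding alone leaves `&` and `'` untouched, and HTML escaping alone does not produce a well-formed URL.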

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6756/info

It has been reported that, when generating HTML to display images or embedded media, Opera does not correctly format the provided URL or sufficiently encode URLs to local files.

As a result of this lack of sanitization Opera is vulnerable to HTML injection attacks when handling local image or media files.

open("file://localhost/images/file.gif?\"><script>alert(location.href);</script>","","");