|
|
Log in / Subscribe / Register

opera: cross-site scripting

Package(s):opera CVE #(s):CVE-2009-3265 CVE-2009-3266
Created:November 24, 2009 Updated:November 24, 2009
Description: Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. (CVE-2009-3265)

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." (CVE-2009-3266)

Alerts:
SuSE SUSE-SR:2009:019 cups, jetty5, libqt4/dbus-1-qt, opera, puretls/jessie, kdegraphics3-pdf, qemu 2009-11-24
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds