Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2009-09-18 15:30
Updated : 2018-10-10 12:43
NVD link : CVE-2009-3265
Mitre link : CVE-2009-3265
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
opera
- opera_browser