Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0898

4 documents4 sources

Severity

5.0MEDIUM

EPSS

7.0%

top 8.56%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Opera Software Opera WEB Browser

Timeline

PublishedNov 15

Latest updateApr 30

Description

Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDopera_software/opera_web_browser6.0

🔴Vulnerability Details

GHSA

GHSA-gh5x-cpm6-9f9c: Opera 6↗2022-04-30

▶

CVEList

CVE-2001-0898: Opera 6↗2002-02-02

▶

💥Exploits & PoCs

Exploit-DB

Opera 5.0/5.1 - Same Origin Policy Circumvention↗2001-11-15

▶