Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2358

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.6%

top 30.73%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Opera Software Opera WEB Browser

Timeline

PublishedDec 31

Latest updateApr 30

Description

Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDopera_software/opera_web_browser5 versions+4

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-46wv-xhr9-cwgq: Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6↗2022-04-30

▶

CVEList

CVE-2002-2358: Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6↗2007-10-29

▶

💥Exploits & PoCs

Exploit-DB

Opera 6.0.x - FTP View Cross-Site Scripting↗2002-08-06

▶