CVE-2004-1157 — Injection in Browser

CWE-74 — Injection3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 28.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opera Browser

Timeline

PublishedJan 10

Latest updateApr 29

Description

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDopera/opera_browser7.0 — 7.54

🔴Vulnerability Details

GHSA

GHSA-q8g3-xrmf-cprw: Opera 7↗2022-04-29

▶

CVEList

CVE-2004-1157: Opera 7↗2004-12-10

▶