cbcvebase.
CVE-2009-3265
published 2009-09-18

CVE-2009-3265: Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed…

PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.68%
74.2th percentile
Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability.

Affected

2 ranges
VendorProductVersion rangeFixed in
operaopera_browser
operaopera_browser
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.