CVE-2010-4045Cross-site Scripting in Browser

CWE-2643 documents3 sources
Severity
9.3CRITICALNVD
EPSS
3.5%
top 12.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opera Browser
Timeline
PublishedOct 21
Latest updateMay 17

Description

Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDopera/opera_browser10.62+70

🔴Vulnerability Details

2
GHSA
GHSA-mp32-2fr5-7fpp: Opera before 102022-05-17
CVEList
CVE-2010-4045: Opera before 102010-10-21
CVE-2010-4045 — Cross-site Scripting in Opera Browser | cvebase