Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-2628 — Improper Input Validation in Browser

CWE-20 — Improper Input Validation4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
11.9%
top 6.24%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Opera Browser
Timeline
PublishedJul 1
Latest updateMay 17

Description

Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

â–¶NVDopera/opera_browser11.10+75

🔴Vulnerability Details

2
GHSA
GHSA-xvgc-c4mc-v8qh: Opera before 11↗2022-05-17
â–¶
CVEList
CVE-2011-2628: Opera before 11↗2011-07-01
â–¶

💥Exploits & PoCs

1
Exploit-DB
Opera 10/11 - Bad Nesting with Frameset Tag Memory Corruption (Metasploit)↗2011-10-06
â–¶
CVE-2011-2628 — Improper Input Validation in Browser | cvebase