CVE-2013-1639 — Cross-Site Request Forgery in Browser
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 71.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 8
Latest updateMay 17
Description
Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
CVSS vector
AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4