User Experience Cross-Site Scripting Vulnerability in Opera Mini for iOS
CVE-2019-13607

6.1MEDIUM

Key Information:

Vendor: Opera
Status: Mini
Vendor: CVE Published:; 18 July 2019

What is CVE-2019-13607?

The Opera Mini application for iOS, up to version 16.0.14, is susceptible to a User Experience Cross-Site Scripting (UXSS) vulnerability. This issue allows attackers to execute arbitrary JavaScript in the context of a user’s session by navigating to a specially crafted javascript: URL. Such vulnerabilities can lead to unauthorized data access and compromise user security.

References

https://blog.rakeshmane.com/2019/07/u-xss-in-operamini-fo...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2019
Vulnerability Reserved
Jul 14, 2019