Cross-Site Scripting Vulnerability in Opera for Android
CVE-2020-6159
6.1MEDIUM
Summary
This vulnerability in Opera for Android can allow users to be misled into executing cross-site scripting (XSS) attacks against themselves. Typically, URLs using the 'javascript:' protocol have their protocol removed to safeguard users from XSS risks. However, in specific scenarios, this protective measure fails, leaving users susceptible to social engineering tactics. Users are strongly advised to update their Opera for Android browser to the latest version to mitigate risks related to this flaw.
Affected Version(s)
Opera for Android Below 61.0.3076.56532
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved