Cross-Site Scripting Vulnerability in Opera for Android
CVE-2020-6159

6.1MEDIUM

Key Information:

Vendor: Opera
Status: Opera For Android
Vendor: CVE Published:; 23 December 2020

What is CVE-2020-6159?

This vulnerability in Opera for Android can allow users to be misled into executing cross-site scripting (XSS) attacks against themselves. Typically, URLs using the 'javascript:' protocol have their protocol removed to safeguard users from XSS risks. However, in specific scenarios, this protective measure fails, leaving users susceptible to social engineering tactics. Users are strongly advised to update their Opera for Android browser to the latest version to mitigate risks related to this flaw.

Affected Version(s)

Opera for Android Below 61.0.3076.56532

References

https://security.opera.com/cross-site-scripting-in-ofa-op...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2020
Vulnerability Reserved
Jan 7, 2020