Cross-Site Scripting Vulnerability in Opera for Android
CVE-2020-6159

6.1MEDIUM

Key Information:

Vendor
Opera
Vendor
CVE Published:
23 December 2020

Summary

This vulnerability in Opera for Android can allow users to be misled into executing cross-site scripting (XSS) attacks against themselves. Typically, URLs using the 'javascript:' protocol have their protocol removed to safeguard users from XSS risks. However, in specific scenarios, this protective measure fails, leaving users susceptible to social engineering tactics. Users are strongly advised to update their Opera for Android browser to the latest version to mitigate risks related to this flaw.

Affected Version(s)

Opera for Android Below 61.0.3076.56532

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.