exploitDog

CVE-2020-6159

Опубликовано: 23 дек. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.

Ссылки

https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/
Vendor Advisory
https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opera:opera:*:*:*:*:*:android:*:*

Версия до 61.0.3076.56532 (исключая)

EPSS

Процентиль: 58%

0.00359

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-7hrc-g4hv-6p8r

github

больше 3 лет назад

URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.

EPSS

Процентиль: 58%

0.00359

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79