7 lines
No EOL
456 B
Text
7 lines
No EOL
456 B
Text
source: http://www.securityfocus.com/bid/6756/info
|
|
|
|
It has been reported that, when generating HTML to display images or embedded media, Opera does not correctly format the provided URL or sufficiently encode URLs to local files.
|
|
|
|
As a result of this lack of sanitization Opera is vulnerable to HTML injection attacks when handling local image or media files.
|
|
|
|
open("file://localhost/images/file.gif?\"><script>alert(location.href);</script>","",""); |