CVE-2010-2665

medium

Description

Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11362

https://exchange.xforce.ibmcloud.com/vulnerabilities/60646

http://www.vupen.com/english/advisories/2010/1529

http://www.securityfocus.com/bid/40973

http://www.opera.com/support/kb/view/955/

http://www.opera.com/docs/changelogs/windows/1054/

http://www.opera.com/docs/changelogs/unix/1011/

http://www.opera.com/docs/changelogs/mac/1054/

http://secunia.com/advisories/40250

Details

Source: Mitre, NVD

Published: 2010-07-08

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00682