Security Advisory

CVE-2020-6159

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-12-23 15:08:58

Last updated 2024-08-04 08:55:21

Assigner Opera

State PUBLISHED

Description

URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.

← Browse all CVEs View on cve.org ↗