2008-09-27 00:00:00
mitre
PUBLISHED
Opera before 9.52 does not ensure that the address field of a news feed represents the feeds actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.