Opera 7 - Image Rendering HTML Injection

EDB-ID:

22217

CVE:

N/A




Platform:

Windows

Date:

2003-02-04


source: https://www.securityfocus.com/bid/6756/info

It has been reported that, when generating HTML to display images or embedded media, Opera does not correctly format the provided URL or sufficiently encode URLs to local files.

As a result of this lack of sanitization Opera is vulnerable to HTML injection attacks when handling local image or media files.

open("file://localhost/images/file.gif?\"><script>alert(location.href);</script>","","");