CVE-2002-0270

Opera Software Opera Web Browser - XSS

Title source: rule

Description

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.

References (1)

[Mailing List] http://marc.info/?l=bugtraq&m=101363764421623&w=2

Scores

EPSS 0.0028

EPSS Percentile 51.2%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

opera_software/opera_web_browser

Timeline

Published May 29, 2002

Tracked Since Feb 18, 2026