CVE-2002-0898

Opera 6.0.1-6.0.2 - XSS

Title source: llm

Description

Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GreyMagic Software · htmlremotewindows

https://www.exploit-db.com/exploits/21483

View Code ZIP pw:eip

References (5)

[Exploit, Patch, Vendor Advisory] http://www.iss.net/security_center/static/9188.php

[Vendor Advisory] http://www.opera.com/windows/changelog/log603.html

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/4834

[Mailing List] http://marc.info/?l=ntbugtraq&m=102256058220402&w=2

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/274202

Scores

EPSS 0.0471

EPSS Percentile 89.4%

Details

Status published

Products (2)

opera_software/opera_web_browser 6.0.1

opera_software/opera_web_browser 6.0.2

Published Oct 04, 2002

Tracked Since Feb 18, 2026