CVE-2002-2358

Opera Software Opera Web Browser - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Eiji James Yoshida · htmlremotewindows

https://www.exploit-db.com/exploits/21681

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/286151

[Exploit, Patch] http://www.securityfocus.com/bid/5401

[Exploit] http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0061.html

[Vendor Advisory] http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47

[Third Party Advisory] http://www.iss.net/security_center/static/9757.php

Scores

EPSS 0.0059

EPSS Percentile 69.3%

Details

CWE

CWE-79

Status published

Products (5)

opera_software/opera_web_browser 6.0 (2 CPE variants)

opera_software/opera_web_browser 6.0.1 (3 CPE variants)

opera_software/opera_web_browser 6.0.2

opera_software/opera_web_browser 6.0.3

opera_software/opera_web_browser 6.0.4

Published Dec 31, 2002

Tracked Since Feb 18, 2026