CVE-2002-2358

Opera Web Browser 6.0-6.04 - Cross-Site Scripting via FTP URL Title Tag

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2358. PoCs published by Eiji James Yoshida.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Opera 6.03 and 6.04 for Windows 2000. It leverages unsanitized data within <title> tags in FTP URLs to execute arbitrary JavaScript code.

Description

Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Eiji James Yoshida · htmlremotewindows

https://www.exploit-db.com/exploits/21681

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Opera 6.03 and 6.04 for Windows 2000. It leverages unsanitized data within <title> tags in FTP URLs to execute arbitrary JavaScript code.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Opera 6.03 and 6.04 for Windows 2000

No auth needed

Prerequisites: Victim must be using a vulnerable version of Opera · Victim must visit a malicious webpage or FTP URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://online.securityfocus.com/archive/1/286151

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5401

Exploit mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0061.html

Vendor Advisory x_refsource_misc

http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9757.php

Scores

EPSS 0.0155

EPSS Percentile 71.8%

Details

CWE

CWE-79

Status published

Products (5)

opera_software/opera_web_browser 6.0 (2 CPE variants)

opera_software/opera_web_browser 6.0.1 (3 CPE variants)

opera_software/opera_web_browser 6.0.2

opera_software/opera_web_browser 6.0.3

opera_software/opera_web_browser 6.0.4

Published Dec 31, 2002

Tracked Since Feb 18, 2026