CVE-2007-1115
Opera Browser < 9.20 - Cross-Site Scripting via Charset Inheritance
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
References (10)
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22701
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/32118
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1017909
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24312
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0745
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25027
Vendor Advisory x_refsource_confirm
http://www.opera.com/support/search/view/855/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/461076/100/0/threaded
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_28_opera.html
Patch, Vendor Advisory x_refsource_misc
http://www.hardened-php.net/advisory_032007.142.html
Scores
EPSS
0.0128
EPSS Percentile
79.8%
Details
CWE
CWE-79
Status
published
Products (6)
opera/opera_browser
9.0 (3 CPE variants)
opera/opera_browser
9.01
opera/opera_browser
9.02
opera/opera_browser
9.10
opera/opera_browser
9.12
opera/opera_browser
9.20 (2 CPE variants)
Published
Feb 26, 2007
Tracked Since
Feb 18, 2026