CVE-2009-3265
Opera Browser 9 and 10 - Cross-Site Scripting via RSS or Atom Feed
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6370
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/506517/100/0/threaded
Various Sources x_refsource_misc
http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/
Scores
EPSS
0.0022
EPSS Percentile
45.1%
Details
CWE
CWE-79
Status
published
Products (2)
opera/opera_browser
9.0
opera/opera_browser
10.00
Published
Sep 18, 2009
Tracked Since
Feb 18, 2026