CVE-2012-4144
Opera < 12.01 - Cross-Site Scripting via DOM Element Character Escape Bypass
Title source: llmDescription
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/mac/1166/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/1201/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/mac/1201/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/unix/1201/
Vendor Advisory x_refsource_confirm
http://www.opera.com/support/kb/view/1025/
Scores
EPSS
0.0040
EPSS Percentile
61.1%
Details
CWE
CWE-79
Status
published
Products (27)
opera/opera_browser
12.00 beta (2 CPE variants)
opera/opera_browser
10.00 (4 CPE variants)
opera/opera_browser
10.01
opera/opera_browser
10.10 (2 CPE variants)
opera/opera_browser
10.11
opera/opera_browser
10.50 (3 CPE variants)
opera/opera_browser
10.51
opera/opera_browser
10.52 (3 CPE variants)
opera/opera_browser
10.53 (3 CPE variants)
opera/opera_browser
10.54
... and 17 more
Published
Aug 06, 2012
Tracked Since
Feb 18, 2026