CVE-2020-6157

MEDIUM

Opera Touch for iOS <2.4.5 - CSRF

Title source: llm

Description

Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.

References (1)

[Vendor Advisory] https://security.opera.com/address-bar-spoofing-in-opera-touch-for-ios-opera-security-advisories/

Scores

CVSS v3 4.3

EPSS 0.0026

EPSS Percentile 48.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Classification

Status published

Affected Products (1)

opera/opera_touch < 2.4.5

Timeline

Published Nov 13, 2020

Tracked Since Feb 18, 2026