CVE-2020-6159

MEDIUM

Opera for Android <61.0.3076.56532 - XSS

Title source: llm

Description

URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.

References (1)

[Vendor Advisory] https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/

Scores

CVSS v3 6.1

EPSS 0.0036

EPSS Percentile 57.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (1)

opera/opera < 61.0.3076.56532

Timeline

Published Dec 23, 2020

Tracked Since Feb 18, 2026