Vulnerabilities > Opera

DATE CVE VULNERABILITY TITLE RISK
2021-01-11 CVE-2021-23253 Unspecified vulnerability in Opera Mini
Opera Mini for Android below 53.1 displays URL left-aligned in the address field.
network
low complexity
opera
5.0
2020-12-23 CVE-2020-6159 Cross-site Scripting vulnerability in Opera 52.1.2517.139570/54.0.2669.49432
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed.
network
opera CWE-79
4.3
2020-11-13 CVE-2020-6157 Unspecified vulnerability in Opera Touch
Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack.
network
opera
4.3
2020-03-12 CVE-2019-12278 Unspecified vulnerability in Opera 52.1.2517.139570
Opera through 53 on Android allows Address Bar Spoofing.
network
opera
4.3
2019-12-18 CVE-2019-19788 Unspecified vulnerability in Opera 52.1.2517.139570
Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack.
local
low complexity
opera
2.1
2019-10-29 CVE-2019-18624 Improper Input Validation vulnerability in Opera Mini 44.1.2254.142553/44.1.2254.142659/44.1.2254.143214
Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt.
network
low complexity
opera CWE-20
7.5
2019-07-18 CVE-2019-13607 Cross-site Scripting vulnerability in Opera Mini 16.0.14
The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL.
network
opera CWE-79
4.3
2019-03-21 CVE-2018-18913 Untrusted Search Path vulnerability in Opera Browser
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target.
6.9
2018-03-28 CVE-2018-6608 Information Exposure vulnerability in Opera Browser 51.0.2830.55
In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
network
opera CWE-200
4.3
2017-04-21 CVE-2016-4075 Open Redirect vulnerability in Opera Browser and Opera Mini
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.
network
opera CWE-601
5.8