CVE-2004-2570

critical

Description

Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/16904

http://www.gentoo.org/security/en/glsa/glsa-200408-05.xml

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2022-02-28

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

Detections

Analytics