Opera FTP View Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

Opera FTP View Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability in Opera has been reported. When viewing the contents of an FTP site as web content, the data within <title> tags is not sanitized. An attacker may embed javascript between open and closing <title> tags in a FTP URL.

This vulnerability has been confirmed on Opera 6.03 and 6.04 for Windows 2000.