CVE-2002-0270: XSS
First published: Fri May 03 2002(Updated: )
Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opera Browser | =9.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-0270?
CVE-2002-0270 is considered a moderate vulnerability due to its potential for remote script execution.
How do I fix CVE-2002-0270?
To mitigate CVE-2002-0270, ensure that the 'Determine action by MIME type' option is enabled in the Opera browser settings.
What software versions are affected by CVE-2002-0270?
CVE-2002-0270 specifically affects Opera browser version 9.10.
Can CVE-2002-0270 allow for cross-site scripting attacks?
Yes, CVE-2002-0270 could potentially allow remote attackers to conduct cross-site scripting attacks due to improper MIME type handling.
What impact does CVE-2002-0270 have on user security?
CVE-2002-0270 compromises user security by enabling the execution of unexpected scripts in web documents.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/opera software
- canonical/opera browser
- version/opera browser/9.10