VYPR
Unrated severityNVD Advisory· Published Aug 31, 2009· Updated Jun 16, 2026

CVE-2009-3013

CVE-2009-3013

Description

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

25
  • Opera/Opera Browser24 versions
    cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*+ 23 more
    • cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*range: <=9.52
    • cpe:2.3:a:opera:opera_browser:10.00:beta_3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*
  • Opera/Operallm-fuzzy
    Range: <=9.52, =10.00 Beta 3 Build 1699

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.