VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 1, 2011· Updated Apr 29, 2026

CVE-2011-2609

CVE-2011-2609

Description

Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Opera before 11.50 does not restrict data: URIs, enabling XSS attacks via crafted websites.

Vulnerability

Opera versions prior to 11.50 fail to properly restrict data: URIs, allowing crafted URIs to bypass security boundaries. The vulnerability affects all Opera installations before this version and can be triggered by visiting a malicious website that delivers a data: URI for script execution.

Exploitation

A remote attacker can exploit this flaw by hosting a specially crafted website that includes data: URIs. No authentication or user interaction beyond visiting the site is required, as the browser automatically processes the URI in an unsafe manner.

Impact

Successful exploitation allows an attacker to perform cross-site scripting (XSS) attacks, potentially leading to information disclosure, session hijacking, or other malicious actions within the context of the victim's browser session.

Mitigation

The vulnerability is addressed in Opera 11.50. Users should update to the latest version. No workarounds are mentioned in available references [1].

References
  1. About Secunia Research | Flexera

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

122
  • Opera/Opera Browser121 versions
    cpe:2.3:a:opera:opera_browser:10.00:*:*:*:*:*:*:*+ 120 more
    • cpe:2.3:a:opera:opera_browser:10.00:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.00:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.00:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.00:beta3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.10:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.50:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.50:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.52:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.53:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.53:b:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.54:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.60:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.60:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.61:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.62:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.63:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:11.00:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:11.00:alpha:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:11.00:beta:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:11.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:11.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:11.10:alpha:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:11.10:beta:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:11.11:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:11.50:alpha:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.24:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.25:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.26:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.27:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.50:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.50:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.60:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.60:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.61:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.62:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.63:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.64:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:*:beta:*:*:*:*:*:*range: <=11.50
  • Opera/Operallm-fuzzy
    Range: < 11.50

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.