CVE-2020-6159

{"id": "CVE-2020-6159", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-12-23T16:15:13.093", "references": [{"url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/", "tags": ["Vendor Advisory"], "source": "security@opera.com"}, {"url": "https://security.opera.com/cross-site-scripting-in-ofa-opera-security-advisories/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@opera.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "URLs using \u201cjavascript:\u201d have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532."}, {"lang": "es", "value": "Las URL que usan \"javascript:\" tienen el protocolo removido cuando se pegaban en la barra de direcciones para proteger a usuarios de ataques de tipo cross-site scripting (XSS), pero en determinadas circunstancias esta eliminaci\u00f3n no fue llevada a cabo. Esto podr\u00eda permitir a usuarios hacer ingenier\u00eda social para ejecutar un ataque de tipo XSS contra ellos mismos. Esta vulnerabilidad afecta a las versiones de Opera para Android para versiones por debajo de 61.0.3076.56532"}], "lastModified": "2024-11-21T05:35:13.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opera:opera:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "CA95102F-64EF-48D0-BD23-F21D6F69F47D", "versionEndExcluding": "61.0.3076.56532"}], "operator": "OR"}]}], "sourceIdentifier": "security@opera.com"}