CVE ID: CVE-2020-6159
PRODUCT: Opera for Android
VERSION: Below 61.0.3076.56532
PROBLEM TYPE: Cross-site Scripting (CWE-79)
DESCRIPTION: URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.
ASSIGNING CNA: Opera
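
The protection described above, as an added example (not Opera's code): a paste filter that removes the "javascript:" scheme after normalising the text the way a URL parser does. The advisory does not say which circumstances skipped the removal, so the function name `stripJavascriptScheme` and the sample inputs are constructed assumptions, not a reproduction of this bug.

```javascript
// Added example: strip "javascript:" from text pasted into an address bar.
// Function name and sample inputs are constructed for illustration.

// URL parsers ignore leading C0 control characters and spaces, and drop
// ASCII tab/newline anywhere in the input, so the filter must do the same
// before it looks at the scheme.
const LEADING_JUNK = /^[\u0000-\u0020]+/;
const TAB_OR_NEWLINE = /[\t\n\r]/g;
const JS_SCHEME = /^javascript:/i; // schemes are case-insensitive

function stripJavascriptScheme(pasted) {
  // Normalise first, otherwise " javascript:" or "java\tscript:" slips past.
  let text = pasted.replace(TAB_OR_NEWLINE, "").replace(LEADING_JUNK, "");
  let stripped = false;
  // Loop: removing one prefix can expose another ("javascript:javascript:").
  while (JS_SCHEME.test(text)) {
    text = text.replace(JS_SCHEME, "").replace(LEADING_JUNK, "");
    stripped = true;
  }
  // Text without the scheme is returned exactly as pasted.
  return stripped ? text : pasted;
}

// Constructed sample pastes: [input, expected result].
const SAMPLES = [
  ["javascript:alert(1)", "alert(1)"],
  ["  JaVaScRiPt:alert(1)", "alert(1)"],
  ["java\tscript:alert(1)", "alert(1)"],
  ["javascript: javascript:alert(1)", "alert(1)"],
  ["https://example.com/?q=javascript:1", "https://example.com/?q=javascript:1"],
];

// Returns the samples whose output differs from the expected value.
function failingSamples() {
  return SAMPLES.filter(([input, want]) => stripJavascriptScheme(input) !== want);
}

console.log("failing samples:", failingSamples().length);
```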
Cross-site Scripting in OfA – Opera Security Advisories - Opera Security Team