Opera 7 - Image Rendering HTML Injection

Author: GreyMagic Software
type: remote
platform: windows
port: 
date_added: 2003-02-04  
date_updated: 2012-10-24  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22217.txt  
source: https://www.securityfocus.com/bid/6756/info

It has been reported that, when generating HTML to display images or embedded media, Opera does not correctly format the provided URL or sufficiently encode URLs to local files.

As a result of this lack of sanitization, Opera is vulnerable to HTML injection attacks when handling local image or media files.

open("file://localhost/images/file.gif?\"><script>alert(location.href);</script>","","");
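
The flaw described above, as an added example (not Opera's code and not part of the original advisory): a hypothetical generator for the page that wraps an image, first with the URL pasted into the markup unencoded, then with it percent-encoded and HTML-escaped. All function names are assumptions; the sample URL is the one from the proof of concept above.

```javascript
// Added illustration, not Opera's code. All function names are hypothetical.

// Sample input: the URL used in the proof of concept above.
const sampleUrl =
  'file://localhost/images/file.gif?"><script>alert(location.href);</script>';

// Flawed pattern: the URL is copied verbatim into the src attribute, so a
// double quote ends the attribute and the remainder is parsed as markup.
function renderImagePageUnsafe(url) {
  return '<html><body><img src="' + url + '"></body></html>';
}

// Percent-encode characters that must not appear raw in a URL and that are
// significant to an HTML parser. '%' is left alone so existing escapes survive.
function encodeUrlDelimiters(url) {
  return url.replace(/[\x00-\x20"'<>`\x7f]/g, (c) =>
    '%' + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0'));
}

// HTML-escape for text and quoted-attribute contexts (covers '&' in queries).
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: encode the URL first, then escape for the HTML context.
function renderImagePageSafe(url) {
  const src = escapeHtml(encodeUrlDelimiters(url));
  return '<html><body><img src="' + src + '"></body></html>';
}

// Crude check for this demo: did a raw script tag reach the generated page?
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe page has raw script tag:',
  containsRawScriptTag(renderImagePageUnsafe(sampleUrl)));
console.log('safe page has raw script tag:  ',
  containsRawScriptTag(renderImagePageSafe(sampleUrl)));
console.log(renderImagePageSafe(sampleUrl));
```
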