The host is installed with Opera before 9.26 and is prone to cross-site scripting vulnerability. A flaw is present in the application, which fails to handle crafted attribute values in an XML document. Successful exploitation allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation.