The host is installed with Opera through 9.52 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle an issue in javascript: URIs in Refresh headers in HTTP responses. Successful exploitation could allow remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to injecting a Refresh header or specifying the content of a Refresh header.