The host is installed with Opera through 9.52 and is prone to a coss-site scripting vulnerability. A flaw is present in the application, which fails to handle an issue in data: URIs in Location headers in HTTP responses. Successful exploitation could allow remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to injecting a Location header that contains JavaScript sequences in a data:text/html URI or entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header.