The host is installed with Opera before 9.63 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to block unspecified "scripted URLs" during the feed preview. Successful exploitation allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.