The host is installed with Opera before 12.13 and is prone to cross site request forgery bypass vulnerability. A flaw is present in the application, which fails to send CORS preflight requests in all required cases. Successful exploitation allows attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.