Cross site request forgery bypass vulnerability in Opera via a crafted web site that triggers a CORS request (rpm)ID: oval:org.secpod.oval:def:9315 | Date: (C)2013-02-19 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Opera before 12.13 and is prone to cross site request forgery bypass vulnerability. A flaw is present in the application, which fails to send CORS preflight requests in all required cases. Successful exploitation allows attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.