The host is installed with Opera before 11.66 or 12.x before 12.01 and is prone to Cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly escape characters in DOM elements. Successful exploitation allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.