Same Origin Policy Bypass in Opera before 11.60

Same Origin Policy Bypass in Opera before 11.60

CVE-2011-4681 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain.

Learn more about our Web Application Penetration Testing UK.