1. Home
  2. CVE Database
  3. CVE-2002-0270
MEDIUM · 4.3

CVE-2002-0270

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attack...

Vulnerability Description

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
Opera SoftwareOpera Web Browser9.10

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2002-0270?

CVE-2002-0270 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attack...

How severe is CVE-2002-0270?

CVE-2002-0270 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-0270?

Check the references section above for vendor advisories and patch information. Affected products include: Opera Software Opera Web Browser.