CVE-2013-1639

Description

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.

Risk Information

Base Score

8.8

MODERATE

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.107

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in Opera 12.12	Windows
Multiple vulnerabilities affected in Opera 12.12 (For Ubuntu)	Linux
Multiple vulnerabilities affected in Opera 12.12 (For Debian)	Linux
Multiple vulnerabilities affected in Opera 12.12 (For Centos)	Linux
Multiple vulnerabilities affected in Opera 12.12 (For RedHat)	Linux
Multiple vulnerabilities affected in Opera 12.12 (For Suse)	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234