Built-in XSLT templates can allow cross-site scripting – Opera Security Advisories

Severity

Highly Severe

Problem Description

Opera's built-in XSLT templates, the default templates an XSLT processor applies to nodes for which the stylesheet supplies no matching template, incorrectly handle escaped content: text that must be output as character data (for example a text node containing `&lt;script&gt;`) can instead be treated as markup. If a site accepts content from untrusted users and displays it via XSLT as escaped strings, an attacker can therefore inject markup that carries script, and that script executes in the security context of the affected site. Because the site's own escaping is already correct, this cannot be worked around server-side; the defect is in the browser's transformation output.
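The following added example (not Opera's code and not from the advisory) models the two behaviours described above using only the Python standard library. The sample XML feed, the `render_correct` and `render_buggy` functions and the `count_script_elements` check are all constructed here: `render_correct` does what the built-in text() template is required to do, emitting the text node as character data so it is re-escaped on output, while `render_buggy` splices the same text node into the output as raw markup, which is the failure mode the advisory describes.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a comment feed in which the site has already stored the
# untrusted comment body as an escaped string (the text node is literally
# "<script>alert(document.cookie)</script>" once the XML parser decodes it).
SAMPLE_FEED = (
    "<comments>"
    '<comment author="mallory">'
    "&lt;script&gt;alert(document.cookie)&lt;/script&gt;"
    "</comment>"
    '<comment author="alice">Thanks, works for me</comment>'
    "</comments>"
)


def render_correct(xml_src: str) -> str:
    """Emit each comment's text node as character data.

    This is what an XSLT processor's built-in template for text() must do:
    the text is copied into the result tree as text, so any <, > or & in it
    is escaped again when the result is serialised.
    """
    root = ET.fromstring(xml_src)
    ul = ET.Element("ul")
    for comment in root.iter("comment"):
        li = ET.SubElement(ul, "li")
        li.text = comment.text or ""  # ET escapes <, > and & on output
    return ET.tostring(ul, encoding="unicode")


def render_buggy(xml_src: str) -> str:
    """Model of the defect: the decoded text node is concatenated into the
    output as raw markup, so an escaped string becomes live elements."""
    root = ET.fromstring(xml_src)
    parts = ["<ul>"]
    for comment in root.iter("comment"):
        parts.append("<li>" + (comment.text or "") + "</li>")
    parts.append("</ul>")
    return "".join(parts)


def count_script_elements(xhtml: str) -> int:
    """Check used by the tests: parse the rendered fragment back and count
    the <script> elements that actually exist in it."""
    return sum(1 for _ in ET.fromstring(xhtml).iter("script"))


def first_item_text(xhtml: str) -> str:
    """Return the decoded text of the first <li>, i.e. what a user would see."""
    return ET.fromstring(xhtml).find("li").text or ""


if __name__ == "__main__":
    good = render_correct(SAMPLE_FEED)
    bad = render_buggy(SAMPLE_FEED)
    print("correct :", good, "| scripts:", count_script_elements(good))
    print("buggy   :", bad, "| scripts:", count_script_elements(bad))
```

In the correct rendering the user sees the literal string `<script>alert(document.cookie)</script>` as text and no script element exists; in the buggy rendering the same input yields a live `<script>` element, which is exactly why a site that escapes correctly was still exploitable in affected Opera versions.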

Opera’s Response

Opera Software has released Opera 9.63, in which this issue is fixed. Users of earlier versions should upgrade, since no site-side change can prevent the injection.

Credits

Thanks to Robert Swiecki of the Google Security Team for reporting this issue to Opera Software.