If Opera is sent to an invalid URL, an error page will be displayed along with a link to the URL. The URL linked to might run scripts, and in some cases these scripts might be run in the wrong security context. This can be used to execute scripts in the context of an unrelated domain, which allows cross-site scripting.
To exploit this vulnerability, an attacker must get the user to interact with a specially crafted error page.
Opera Software has released Opera 10.63, where this issue has been fixed.