Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0270


Vulnerability Score 4.3 4.3
CVE Id CVE-2002-0270
Last Modified 05 Sep 2008 12:00:00
Published 29 May 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.

Vulnerable Systems


  • Opera Software Opera Web Browser 9.10


BUGTRAQ - 20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting

Last Updated: 27 May 2016 10:36:51