CVE-2005-2406

Name of the Vulnerable Software and Affected Versions Opera version 8.01

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a javascript: URI. This can lead to unauthorized actions on the user's behalf.

Recommendations For Opera version 8.01, consider disabling the ability to drag and drop images from untrusted sources as a temporary workaround until a patch is available. Restrict access to sensitive features that may be exploited through cross-site scripting attacks to minimize the risk of exploitation.