August 7th, 2002, 01:06 PM
Opera FTP View Cross-Site Scripting Vulnerability
Note: IE 5.5 (on NT4) with latest security patches(?) seems to be vulnerable aswell.. Atleast did the exploit run on one of my work machines automatically when viewing the "bugtraq" advisory by Eiji James Yoshida. Have not had time to confirm the patch level on this machine, I may be wrong.. .
Opera allows running Malicious Scripts due to a bug in 'FTP view' feature.
If you click on a malicious link, the script embedded in URL will run.