← Back

CVE-2013-1639

nvd nist
Published: Feb 8, 2013Modified: Apr 29, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.

Affected (8)

Products: Opera: Opera Browser
Opera
1 product
Opera Browser
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Opera
Opera Browser
Up to 12.12
Opera Browser
Version 12.00
Opera Browser
Version 12.00 beta
Opera Browser
Version 12.01
Opera Browser
Version 12.02
Opera Browser
Version 12.10
Opera Browser
Version 12.10 beta
Opera Browser
Version 12.11

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.