High
Sites that allow content to be provided by untrusted users, such as forums and blogging sites, typically sanitize the untrusted content to ensure that it does not contain any harmful content, such as malicious scripts. When certain characters appear at specific locations within HTML markup, they can cause Opera to ignore either that character, or the one following it, potentially altering the interpretation of the following markup. This can be used to facilitate cross-site scripting (XSS) attacks against Opera, without being detected by a sanitizer.
Opera Software has released Opera 12.01 and Opera 11.66, where this issue has been fixed.
Need help? Hit F1 anytime while using Opera to access our online help files, or go here.