Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.

Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.