3 matches found
CVE-2007-2383
The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
CVE-2007-2383
CVE-2007-2383 affects the Prototype.js framework prior to 1.5.1 RC3, which exposes JSON data via a SCRIPT SRC URL and allows data exfiltration via JavaScript Hijacking. Public connected documents confirm the vulnerability vector and mention the affected library version. The provided sources do no...
PT-2007-3716 · Prototype · Prototypejs
Name of the Vulnerable Software and Affected Versions: prototypejs versions prior to 1.5.1 RC3 Description: The issue allows remote attackers to obtain data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript...