69 matches found
Design/Logic Flaw
The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data...
CVE-2007-2380
The Microsoft Atlas framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using...
CVE-2007-2379
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
CVE-2007-2376
The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
CVE-2007-2377
The CVE-2007-2377 vulnerability affects the Getahead Direct Web Remoting (DWR) framework up to version 1.1.4, where JSON data is exchanged without an accompanying protection scheme. This enables JavaScript Hijacking: an attacker can retrieve sensitive data by loading a page that fetches data via ...
CVE-2007-2384
The CVE-2007-2384 entry concerns the Script.aculo.us framework, where data is exchanged as JSON without protection. The underlying issue (JavaScript Hijacking) allows remote attackers to obtain data by loading a page that retrieves JSON via a SCRIPT tag SRC attribute and then captures it with oth...
CVE-2007-2385
The set of connected records confirms a JavaScript Hijacking vulnerability in the Yahoo! UI framework. Affected component: Yahoo! UI framework; vulnerability arises from exchanging data in JSON without an associated protection scheme, allowing a remote attacker to obtain data when a web page load...
CVE-2007-2382
The CVE-2007-2382 entry concerns the Moo.fx framework, where data is exchanged in JSON without an associated protection scheme. The underlying issue is exposed via JavaScript Hijacking: a malicious page can retrieve data by loading a URL in the SRC attribute of a SCRIPT element and capturing it w...
CVE-2007-2382
The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
CVE-2007-2378
The CVE-2007-2378 issue concerns the Google Web Toolkit (GWT) framework, where JSON data is exchanged without a protection scheme, enabling JavaScript Hijacking. IBM’s bulletin specifies ITNM (IBM Tivoli Network Manager) IP Edition 4.2 GA through 4.2.0.15 is affected, with a fix in ITNM 4.2 Fix P...
CVE-2007-2379
CVE-2007-2379 affects the jQuery framework, where data is exchanged as JSON without an associated protection scheme. This enables JavaScript Hijacking: a remote attacker can obtain data via a page that retrieves it through a URL in the SRC attribute of a SCRIPT element and reads it with other Java...
CVE-2007-2381
The CVE-2007-2381 issue concerns the MochiKit framework. Affected component: MochiKit’s data exchange using JSON without an accompanying protection scheme. Root cause: data can be obtained by exploiting a page that fetches the JSON via a SCRIPT element’s SRC URL and related JavaScript, i.e., Java...
CVE-2007-2378
The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data...
CVE-2007-2383
The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
CVE-2007-2379
Removed by vendor...
CVE-2007-2381
The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
CVE-2007-2385
The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
CVE-2007-2384
The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using...
CVE-2007-2383
The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
CVE-2007-2385
The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...