3 matches found
Supsystic Popup < 1.10.19 - Prototype Pollution
The plugin has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype. PoC 1 Create a pop-up that is set to load on any page 2 Go to http://example.com/?protopoc=polluted 3 Open browser console 4 Type poc and see polluted as the resul...
Prototype Pollution
objection is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype via the set and zipObject function...
CVE-2018-16491
CVE-2018-16491 describes a prototype pollution vulnerability in node.extend before 1.1.7 and before 2.0.1, enabling an attacker to inject arbitrary properties onto Object.prototype. Affected versions are node.extend <1.1.7, ~