6 matches found
NPR Visuals Team Pym.js Cross-Site Request Forgery Vulnerability
NPR Visuals Team Pym.js is a tool for embedding code in containers. The 'Pym.js onNavigateToMessage' function in NPR Visuals Team Pym.js versions 0.4.2 through 1.3.1 https://github.com/nprapps/pym.js/blob A cross-site request forgery vulnerability exists in /master/src/pym.jsL573. A remote attack...
GHSA-82GW-PQF7-Q3J2 pym.js CSRF Vulnerability
NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...
pym.js CSRF Vulnerability
NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...
CVE-2018-1000086
NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...
CVE-2018-1000086
NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...
CVE-2018-1000086
NPR Visuals Team Pym.js versions 0.4.2 through 1.3.1 expose a CSRF vulnerability in the _onNavigateToMessage function that can result in arbitrary JavaScript execution. An attacker could leverage this to gain full JavaScript access on pages embedding Pym.js when a user visits a crafted page. The ...