4 matches found
GHSA-82GW-PQF7-Q3J2 pym.js CSRF Vulnerability
NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...
pym.js CSRF Vulnerability
NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...
CVE-2018-1000086
NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...
CVE-2018-1000086
NPR Visuals Team Pym.js versions 0.4.2 through 1.3.1 expose a CSRF vulnerability in the _onNavigateToMessage function that can result in arbitrary JavaScript execution. An attacker could leverage this to gain full JavaScript access on pages embedding Pym.js when a user visits a crafted page. The ...