Lucene search
K

4 matches found

OSV
OSV
added 2018/03/13 8:38 p.m.14 views

GHSA-82GW-PQF7-Q3J2 pym.js CSRF Vulnerability

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...

8.8CVSS9AI score0.0104EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2018/03/13 8:38 p.m.74 views

pym.js CSRF Vulnerability

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...

8.8CVSS8.8AI score0.0104EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2018/03/13 3:29 p.m.18 views

CVE-2018-1000086

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...

8.8CVSS9.2AI score
Exploits0References3
CVE
CVE
added 2018/03/13 3:0 p.m.46 views

CVE-2018-1000086

NPR Visuals Team Pym.js versions 0.4.2 through 1.3.1 expose a CSRF vulnerability in the _onNavigateToMessage function that can result in arbitrary JavaScript execution. An attacker could leverage this to gain full JavaScript access on pages embedding Pym.js when a user visits a crafted page. The ...

8.8CVSS8.9AI score0.0104EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder