jsgui-lang-essentials is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the ll_set
function in the jsgui-lang-essentials.js
and modify attributes such as __proto__
, constructor
, and prototype
.