The plugin has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.
http://example.com/?__proto__[poc]=polluted
3) Open browser console
4) Type poc and see polluted as the result.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | popup-by-supsystic | lt | 1.10.19 |