Back to search
CVE-2007-2383
Published: Apr 30, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
37677
third-party-advisory
x_refsource_SECUNIA
DSA-1952
vendor-advisory
x_refsource_DEBIAN
http://prototypejs.org/2007/4/24/release-candidate-3
x_refsource_CONFIRM
http://dev.rubyonrails.org/ticket/7910
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now