Vulnerabilities for 'Prototype'

2021-06-21
 
CVE-2020-27511

NVD-CWE-noinfo
 

 
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 version 1.6 and below where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.

 
2020-02-03
 
CVE-2020-7993

CWE-269
 

 
Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.

 

Vendor: Prototypejs (3 products)
Prototype framework
Prototype javascript framework
Prototype


Copyright 2024, cxsecurity.com

 
