CVE-2007-2383 — Libhtml-prototype-perl vulnerability

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 50.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symfony Debian Asterisk Debian Exaile +9 more

Timeline

PublishedApr 30

Latest updateMay 1

Description

The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages12 packages

▶NVDprototypejs/prototype_framework1.5.1_rc3

▶debiandebian/prototypejs< asterisk 1:1.6.2.0~rc3-1 (bullseye)

▶debiandebian/scriptaculous< asterisk 1:1.6.2.0~rc3-1 (bullseye)

▶debiandebian/libhtml-prototype-perl< asterisk 1:1.6.2.0~rc3-1 (bullseye)

▶debiandebian/otrs2< asterisk 1:1.6.2.0~rc3-1 (bullseye)

🔴Vulnerability Details

GHSA

GHSA-qgq2-pf5j-2fvq: The Prototype (prototypejs) framework before 1↗2022-05-01

▶

OSV

CVE-2007-2383: The Prototype (prototypejs) framework before 1↗2007-04-30

▶

📋Vendor Advisories

Debian

CVE-2007-2383: asterisk - The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using Java...↗2007

▶

Red Hat

embedded prototype.js JavaScript hijacking↗

▶

💬Community

Bugzilla

CVE-2007-2383 embedded prototype.js JavaScript hijacking↗2009-11-20

▶