CVE-2007-2383
published 2007-04-30


Priority: P4, 19, medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
EPSS: 2.37% (81.7th percentile)
The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

Affected

15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:1.6.2.0~rc3-1 (bullseye) | asterisk 1:1.6.2.0~rc3-1 (bullseye) |
| debian | exaile | < asterisk 1:1.6.2.0~rc3-1 (bullseye) | asterisk 1:1.6.2.0~rc3-1 (bullseye) |
| debian | jscropperui | < asterisk 1:1.6.2.0~rc3-1 (bullseye) | asterisk 1:1.6.2.0~rc3-1 (bullseye) |
| debian | libaws | < asterisk 1:1.6.2.0~rc3-1 (bullseye) | asterisk 1:1.6.2.0~rc3-1 (bullseye) |
| debian | libhtml-prototype-perl | < asterisk 1:1.6.2.0~rc3-1 (bullseye) | asterisk 1:1.6.2.0~rc3-1 (bullseye) |
| debian | otrs2 | < asterisk 1:1.6.2.0~rc3-1 (bullseye) | asterisk 1:1.6.2.0~rc3-1 (bullseye) |
| debian | prototypejs | < asterisk 1:1.6.2.0~rc3-1 (bullseye) | asterisk 1:1.6.2.0~rc3-1 (bullseye) |
| debian | scriptaculous | < asterisk 1:1.6.2.0~rc3-1 (bullseye) | asterisk 1:1.6.2.0~rc3-1 (bullseye) |
| debian | symfony | < asterisk 1:1.6.2.0~rc3-1 (bullseye) | asterisk 1:1.6.2.0~rc3-1 (bullseye) |
| debian | wordpress | < asterisk 1:1.6.2.0~rc3-1 (bullseye) | asterisk 1:1.6.2.0~rc3-1 (bullseye) |
| prototypejs | prototype_framework | | |
| symfony | symfony | >= 0 < 1.0.21-1.1 | 1.0.21-1.1 |
| symfony | symfony | >= 0 < 1.0.21-1.1 | 1.0.21-1.1 |
| symfony | symfony | >= 0 < 1.0.21-1.1 | 1.0.21-1.1 |
| symfony | symfony | >= 0 < 1.0.21-1.1 | 1.0.21-1.1 |

CVSS provenance

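| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | LOW | |
| vendor_redhat | | 5.0 | MEDIUM | |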