CVE-2008-7220 — Cross-site Scripting in Prototype
Severity
7.5HIGHNVD
EPSS
10.0%
top 6.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 13
Latest updateMay 13
Description
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages15 packages
Also affects: Debian Linux 5.0, 6.0
Patches
🔴Vulnerability Details
2📋Vendor Advisories
2💬Community
1Bugzilla▶
CVE-2008-7220 WordPress, MediaTomb, python-webhelpers, Asterisk, Plone -- embedded Prototype JavaScript FrameWork: XSS Ajax requests (AST-2009-009)↗2009-09-14