Prototypejs Prototype vulnerabilities

CVE-2020-27511 [HIGH] CVE-2020-27511: An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an att An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.

CVE-2020-7993 [MEDIUM] CWE-862 CVE-2020-7993: Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other use Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.

CVE-2008-7220 [HIGH] CVE-2008-7220: Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows atta Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.