The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-30T23:00:00

Updated: 2024-08-07T13:33:28.720Z

Reserved: 2007-04-30T00:00:00

Link: CVE-2007-2383

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2007-04-30T23:19:00.000

Modified: 2024-02-14T01:17:43.863

Link: CVE-2007-2383

cve-icon Redhat

No data.