ID CVE-2008-7220
Summary Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:prototypejs:prototype:1.5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.5.0:pre0:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.5.0:pre1:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.5.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.5.1:-:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.5.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.5.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.5.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.5.1:rc4:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.5.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.6.0:-:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.6.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:prototypejs:prototype:1.6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 27-07-2021 - 17:31)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20190509 dotCMS v5.1.1 Vulnerabilities
confirm
debian DSA-1952
fedora
  • FEDORA-2009-11070
  • FEDORA-2009-11126
fulldisc
  • 20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability
  • 20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability
  • 20190510 dotCMS v5.1.1 Vulnerabilities
misc http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
mlist
  • [oss-security] 20091107 Re: CVE Request - Asterisk (AST-2009-008.html)
  • [zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3610) Update lib prototype.js: 1.4.0_pre4 due to security vulnerability
  • [zookeeper-dev] 20191112 [jira] [Created] (ZOOKEEPER-3612) CLONE - Update lib prototype.js: 1.4.0_pre4 due to security vulnerability
  • [zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3610) Update lib prototype.js: 1.4.0_pre4 due to security vulnerability
  • [zookeeper-issues] 20191112 [jira] [Created] (ZOOKEEPER-3612) CLONE - Update lib prototype.js: 1.4.0_pre4 due to security vulnerability
  • [zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
osvdb 46312
secunia
  • 37479
  • 37677
Last major update 27-07-2021 - 17:31
Published 13-09-2009 - 22:30
Last modified 27-07-2021 - 17:31