CVE-2007-2384 in Script.aculo.usinfo

Summary

The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

04/30/2007

Disclosure

04/30/2007

Moderation

VulDB entry created

Entries

1 (VDB-36525)

CPE

ready

CWE

Unknown

CVSS

7.5

EPSS

0.00331

CTI

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-2384
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2384
CVE Details	https://www.cvedetails.com/cve/CVE-2007-2384/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!