Knight · Pym.Js · CVE-2018-1000086
Name of the Vulnerable Software and Affected Versions:
Pym.js versions 0.4.2 through 1.3.1
Description:
The issue is a Cross-Site Request Forgery (CSRF) vulnerability in the `onNavigateToMessage` function of Pym.js that can result in arbitrary JavaScript code execution. It is exploitable when an attacker gains full JavaScript access to pages with Pym.js embeds, or when a user visits an attacker-crafted page.
Recommendations:
For Pym.js versions 0.4.2 through 1.3.1, update to version 1.3.2 or later to resolve the issue.
If updating is not immediately possible, consider disabling the `onNavigateToMessage` function as a temporary workaround until the update can be applied.
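To act on the recommendation above, a defender first needs to know which Pym.js versions are in use. The following is an added example written for this page, not code from the Pym.js project or from the advisory: it compares a version string against the affected range stated above (0.4.2 through 1.3.1, inclusive) and audits a list of script URLs. The script URL shapes it parses (a version embedded in the filename or passed as a `v=` query parameter) and the sample URLs are assumptions constructed for the example, not Pym.js distribution paths.

```javascript
// Added example (not Pym.js project code). Flags Pym.js versions in the
// affected range 0.4.2 through 1.3.1, inclusive, as stated in the advisory.

const AFFECTED_MIN = [0, 4, 2];
const AFFECTED_MAX = [1, 3, 1];

// Parse "1.3.1" or "v1.3.1" into [major, minor, patch]; null if unparseable.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparison of two [major, minor, patch] triples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true if affected, false if outside the range, null if the version is unknown.
function isAffectedPymVersion(v) {
  const parsed = parseVersion(v);
  if (!parsed) return null;
  return compareVersions(parsed, AFFECTED_MIN) >= 0 &&
         compareVersions(parsed, AFFECTED_MAX) <= 0;
}

// Extract a version from a script URL. The two URL shapes handled here
// (".../pym-1.3.1.min.js" and ".../pym.js?v=1.3.2") are assumptions for
// this example; adapt the patterns to how your site actually serves Pym.js.
function pymVersionFromScriptSrc(src) {
  const m = /pym[^/?#]*?[-_.]?v?(\d+\.\d+\.\d+)/i.exec(src) ||
            /[?&]v=(\d+\.\d+\.\d+)/.exec(src);
  return m ? m[1] : null;
}

// Audit a list of script srcs (for example collected from document.scripts
// in the browser) and report, per Pym.js script, the version and whether it
// falls in the affected range. Scripts whose version cannot be determined
// are reported with affected: null so they can be checked by hand.
function auditScripts(srcs) {
  return srcs
    .filter((s) => /pym/i.test(s))
    .map((src) => {
      const version = pymVersionFromScriptSrc(src);
      return { src, version, affected: version ? isAffectedPymVersion(version) : null };
    });
}

// Constructed sample input for a stand-alone run.
const SAMPLE_SCRIPTS = [
  "https://example.test/js/pym-1.3.1.min.js",
  "https://example.test/js/pym.js?v=1.3.2",
  "https://example.test/js/pym-0.4.1.js",
  "https://example.test/js/jquery.min.js",
];

if (typeof require !== "undefined" && require.main === module) {
  console.log(auditScripts(SAMPLE_SCRIPTS));
}
```

In a browser the input list would be `Array.from(document.scripts, (s) => s.src)`; any entry reported with `affected: true` should be updated to 1.3.2 or later, and entries with `affected: null` need a manual check of the bundled file.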