CVE-2007-2383

Name of the Vulnerable Software and Affected Versions prototypejs versions prior to 1.5.1 RC3

Description The issue allows remote attackers to obtain data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, also known as "JavaScript Hijacking." This occurs because the prototypejs framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme.

Recommendations For versions prior to 1.5.1 RC3, update to version 1.5.1 RC3 or later to resolve the issue. As a temporary workaround, consider restricting the use of JSON data exchange in the prototypejs framework until a patch is applied.