CVE-2007-2385

Name of the Vulnerable Software and Affected Versions Yahoo! UI framework (affected versions not specified)

Description The issue allows remote attackers to obtain data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, also known as "JavaScript Hijacking." This occurs because the framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.