Filtered by vendor Mootools
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32821 | 1 Mootools | 1 Mootools | 2023-01-10 | N/A | 7.5 HIGH |
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue. | |||||
CVE-2021-20088 | 1 Mootools | 1 Mootools-more | 2021-04-30 | 6.5 MEDIUM | 8.8 HIGH |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype. |