The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
References
| Link | Resource |
|---|---|
| http://osvdb.org/43324 | |
| http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf | URL Repurposed |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-04-30T23:00:00
Updated: 2008-11-13T10:00:00
Reserved: 2007-04-30T00:00:00
Link: CVE-2007-2385
NVD Information
Status: Modified
Published: 2007-04-30T23:19:00.000
Modified: 2024-02-14T01:17:43.863
Link: CVE-2007-2385
Redhat Information
No data.