Mootools

mootools

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-32821 1Mootools 1Mootools Nov 21, 2024 Jan 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an...Show more MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.Show less
CVE-2021-20088 1Mootools 1Mootools More Nov 21, 2024 Apr 23, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-32821

1Mootools

Nov 21, 2024

Jan 3, 2023

N/A· v4

7.5 HIGH· v3

N/A· v2

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.Show less

CVE-2021-20088

1Mootools

1Mootools More

Nov 21, 2024

Apr 23, 2021

N/A· v4

8.8 HIGH· v3

6.5 MEDIUM· v2

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.