CVE-2020-7993

CVE-2020-7993

EPSS 0.7%

Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/prototypejs/prototype/blob/master/CHANGELOG https://medium.com/%40vbharad/improper-access-control-vulnerability-in-prototype-1-6-0-1-framework-379cc3a05079