John-David Dalton

3 exploits Active since Sep 2009
CVE-2008-7220 WRITEUP WRITEUP
Prototype JavaScript <1.6.0.2 - CSRF
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
CVE-2018-3721 WRITEUP MEDIUM WRITEUP
lodash < 4.17.5 - Prototype Pollution via __proto__ in defaultsDeep, merge, and mergeWith
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
CVSS 6.5
CVE-2020-7993 WRITEUP MEDIUM WRITEUP
Prototype 1.6.0.1 - Authenticated Ticket Forgery via Email ID Field
Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.
CVSS 4.3