CVE-2008-7220

Prototype JavaScript <1.6.0.2 - Cross-Site Ajax Requests

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7220. PoC published by followboy1999.

AI-analyzed exploit summary: the repository contains a functional proof-of-concept for CVE-2008-7220, targeting Prototype JavaScript framework version 1.6.0. demo.php simulates a server response that triggers the vulnerability, and prototype.js is the vulnerable library itself.

Description

Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
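The description says only that the library allowed "cross-site ajax requests". What Prototype 1.6.0.2 changed, to this editor's knowledge, was to check whether the request URL is same-origin before evaluating a script response or an X-JSON header, and to sanitize (parse rather than eval) JSON that came from any other origin. The JavaScript below is an added example written for this page, not the PoC linked above and not Prototype's own code: it places the unconditional eval of a JSON payload next to a same-origin-gated variant, using a constructed X-JSON payload as the hostile response. PAGE_ORIGIN, the response objects and the function names are assumptions; the origin check is stricter than a scheme-anchored regex in that protocol-relative URLs are host-checked too.

```javascript
// Added example for CVE-2008-7220: same-origin gate on evaluating Ajax JSON.
// Not the page's PoC and not Prototype's code; names and data are assumptions.

// Origin of the page issuing the request. Passed explicitly instead of reading
// window.location so the example also runs under Node. (assumed value)
const PAGE_ORIGIN = { protocol: "https:", host: "app.example" };

// True for relative URLs and for absolute or protocol-relative URLs whose
// scheme and host[:port] equal the page's. The port must match literally, as in
// the library's own check: "https://app.example:443/" is not "app.example".
function isSameOrigin(url, origin = PAGE_ORIGIN) {
  const m = url.match(/^\s*(?:(https?:))?\/\/([^\/?#]*)/i);
  if (!m) return true;                              // relative URL
  const protocol = (m[1] || origin.protocol).toLowerCase();
  return protocol === origin.protocol.toLowerCase() &&
         m[2].toLowerCase() === origin.host.toLowerCase();
}

// json.org-style sanity check: once string bodies and backslash escapes are
// removed, only JSON punctuation, number characters and the letters of
// true/false/null may remain. Anything else (identifiers, ';', '(') fails.
function isJSON(str) {
  if (/^\s*$/.test(str)) return false;
  const stripped = str.replace(/\\./g, "@").replace(/"[^"\\\n\r]*"/g, "");
  return /^[,:{}\[\]0-9.\-+Eeflnr-u \n\r\t]*$/.test(stripped);
}

// Pre-fix behaviour: the X-JSON header (or JSON body) is handed to eval no
// matter where the response came from. Wrapping in parentheses is what makes
// an object literal evaluate; it also lets ')' ... '(' break out of it.
function evalUnsafe(text) {
  return eval("(" + text + ")");
}

// Post-fix behaviour: only a same-origin response may be eval'd; a
// cross-origin one must pass isJSON and is then parsed, never executed.
function parseResponseJSON(requestUrl, text, origin = PAGE_ORIGIN) {
  if (isSameOrigin(requestUrl, origin)) return evalUnsafe(text);
  if (!isJSON(text)) {
    throw new SyntaxError("refusing to evaluate non-JSON from a cross-origin response");
  }
  return JSON.parse(text);
}

// Constructed responses, not captured traffic. The hostile header closes the
// '(' that evalUnsafe opens, runs a statement, then reopens it.
const benign  = { url: "/api/items", xjson: '{"items":[1,2,3]}' };
const hostile = { url: "https://evil.example/api/items",
                  xjson: '1); globalThis.pwned = true; (1' };

function demo() {
  const r = {};
  globalThis.pwned = false;
  r.vulnerableBenign = evalUnsafe(benign.xjson).items.length;   // 3
  evalUnsafe(hostile.xjson);
  r.vulnerablePwned = globalThis.pwned;                          // true
  globalThis.pwned = false;
  r.hardenedBenign = parseResponseJSON(benign.url, benign.xjson).items.length; // 3
  let rejected = false;
  try { parseResponseJSON(hostile.url, hostile.xjson); }
  catch (e) { rejected = e instanceof SyntaxError; }
  r.hardenedRejected = rejected;                                 // true
  r.hardenedPwned = globalThis.pwned;                            // false
  return r;
}

console.log(demo());
```

The same-origin branch keeps eval only to show what the 1.6.0.x code path did; in new code every response, same-origin included, should go through JSON.parse, and a JSON endpoint should never be reachable through a URL the attacker controls.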

Exploits (1)

Working PoC (1 star) by followboy1999, classified as poc
https://github.com/followboy1999/CVE-2008-7220

Classification
Working PoC: 80%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Prototype JavaScript framework 1.6.0
Authentication: none needed
Prerequisites: A web application using Prototype JavaScript framework 1.6.0 · Ability to send crafted HTTP requests to the target server
MITRE ATT&CK: (none listed)
Analyzed by devstral-2 on Feb 18, 2026

References (20 on record; 11 shown)

Secunia advisory (third-party advisory): http://secunia.com/advisories/37479
Secunia advisory (third-party advisory): http://secunia.com/advisories/37677
Debian DSA-1952 (vendor advisory): http://www.debian.org/security/2009/dsa-1952
Red Hat Bugzilla 523277 (issue tracking, patch, third-party advisory): https://bugzilla.redhat.com/show_bug.cgi?id=523277
OSVDB 46312 (vdb entry, broken link): http://osvdb.org/46312
Red Hat Bugzilla 533137 (issue tracking, not applicable, third-party advisory): https://bugzilla.redhat.com/show_bug.cgi?id=533137
oss-security mailing list, 2009-11-07 (mailing list, third-party advisory): http://www.openwall.com/lists/oss-security/2009/11/07/2
Bugtraq mailing list, May 2019 (issue tracking, mailing list, third-party advisory): https://seclists.org/bugtraq/2019/May/18
Full Disclosure mailing list, May 2019 (mailing list, third-party advisory): http://seclists.org/fulldisclosure/2019/May/11
Full Disclosure mailing list, May 2019 (mailing list, third-party advisory): http://seclists.org/fulldisclosure/2019/May/10
Full Disclosure mailing list, May 2019 (mailing list, third-party advisory): http://seclists.org/fulldisclosure/2019/May/13

Scores

EPSS score: 0.1002
EPSS percentile: 93.2%

Details

Status: published
Products (3):
debian/debian_linux 5.0
debian/debian_linux 6.0
prototypejs/prototype < 1.6.0.2
Published: Sep 13, 2009
Tracked since: Feb 18, 2026