Vulnerabilities (CVE)

Filtered by vendor Mootools Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-32821 1 Mootools 1 Mootools 2024-02-28 N/A 7.5 HIGH
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.
CVE-2021-20088 1 Mootools 1 Mootools-more 2024-02-28 6.5 MEDIUM 8.8 HIGH
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.