Spin Js
Monthly
Spin.js versions before 3.0.0 allow attackers to execute arbitrary JavaScript through a combination of prototype pollution and XSS in the spin() function, requiring user interaction via a crafted URL. An attacker can exploit this to manipulate Object.prototype and trigger malicious code execution in affected users' browsers. No patch is currently available.
Spin.js versions before 3.0.0 allow attackers to execute arbitrary JavaScript through a combination of prototype pollution and XSS in the spin() function, requiring user interaction via a crafted URL. An attacker can exploit this to manipulate Object.prototype and trigger malicious code execution in affected users' browsers. No patch is currently available.