Skip to main content

Spin Js

1 CVEs product

Monthly

CVE-2026-3884 LOW Monitor

Spin.js versions before 3.0.0 allow attackers to execute arbitrary JavaScript through a combination of prototype pollution and XSS in the spin() function, requiring user interaction via a crafted URL. An attacker can exploit this to manipulate Object.prototype and trigger malicious code execution in affected users' browsers. No patch is currently available.

XSS Spin Js
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
EPSS 0% CVSS 2.0
LOW Monitor

Spin.js versions before 3.0.0 allow attackers to execute arbitrary JavaScript through a combination of prototype pollution and XSS in the spin() function, requiring user interaction via a crafted URL. An attacker can exploit this to manipulate Object.prototype and trigger malicious code execution in affected users' browsers. No patch is currently available.

XSS Spin Js
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy