EPSS
Percentile
70.5%
pym.js is vulnerable to cross-site request forgery (CSRF) attacks. Attackers can embed malicious JavaScript code into document.location.href objects.
document.location.href
blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html
github.com/nprapps/pym.js
github.com/nprapps/pym.js/issues/170