Cross-Site Request Forgery (CSRF)
Pym.js contains a CSRF vulnerability in Pym.js onNavigateToMessage function that can result in arbitrary javascript code execution.
Advisories for Npm/Pym.js package
2018
Pym.js contains a CSRF vulnerability in Pym.js onNavigateToMessage function that can result in arbitrary javascript code execution.