LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements.
https://twitter.com/LastPassHelp/status/955478245650071552
https://forums.lastpass.com/viewtopic.php?f=12&t=286955
https://www.youtube.com/watch?v=wTcYWZwq3TE
Source: Mitre, NVD
Published: 2018-04-18
Updated: 2026-06-17
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: Medium
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: High
EPSS: 0.00934