CVE-2023-49289

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-49289
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49289.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-49289
Aliases
Published
2023-12-05T00:15:08Z
Modified
2024-05-15T01:19:30.569502Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected versions of this package are vulnerable cross site scripting attacks. Releases before version 21.12.22.1 are affected. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/michaelschwarz/ajax.net-professional

Affected ranges

Type
GIT
Repo
https://github.com/michaelschwarz/ajax.net-professional
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c89e39b9679fcb8ab6644fe21cc7e652cb615e2b

Affected versions

v21.*

v21.10.30.1
v21.11.22.1
v21.11.29.1
v21.12.21.1
v21.12.8.1