Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-9EE8D9FEC2E0C20257407F8986966015Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
20.6%
Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected versions of this package is vulnerable cross site scripting attacks. Releases before version 21.12.22.1 are affected. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nuget | ajaxnetprofessional | * | cpe:2.3:a:nuget:ajaxnetprofessional:*:*:*:*:*:*:*:* |
References
github.com/advisories/GHSA-8v6j-gc74-fmpp
github.com/michaelschwarz/Ajax.NET-Professional/commit/c89e39b9679fcb8ab6644fe21cc7e652cb615e2b
github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-8v6j-gc74-fmpp
nvd.nist.gov/vuln/detail/CVE-2023-49289
www.nuget.org/packages/AjaxNetProfessional/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
20.6%