9 matches found
Prototype Pollution
Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeConfig function. An attacker can cause the application to crash by supplying a malicious configuration object containing ...
EUVD-2022-0467
Malicious code in bioql PyPI...
CVE-2021-43853
Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...
CVE-2021-43853
Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...
CVE-2021-43853
Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...
CVE-2021-43853 Cross-Site Scripting in AjaxNetProfessional
Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...
CVE-2021-43853
Ajax.NET Professional (AjaxPro) for Microsoft ASP.NET is affected by CVE-2021-43853 due to a JavaScript object injection vulnerability that arises during JSON input parsing, enabling cross-site scripting if a malicious actor supplies crafted data. All releases before 21.12.22.1 are affected. A re...
PT-2021-7106 · Unknown · Ajax.Net Professional
Name of the Vulnerable Software and Affected Versions: Ajax.NET Professional AjaxPro versions prior to 21.12.22.1 Description: The issue relates to JavaScript object injection, which may result in cross-site scripting when leveraged by a malicious user. This occurs due to the deserialization of...