Lucene search

Veracode Vulnerability DatabaseVERACODE:44574

HistoryDec 05, 2023 - 7:52 a.m.

Cross-Site Scripting(XSS)

2023-12-0507:52:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

ajax.net professional

data validation

core.js

arbitrary javascript

vulnerability

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.8%

JSON

Ajax.NET Professional is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the missing data validation in the parse function of core.js. This could allow an attacker to execute arbitrary Javascript.

CPENameOperatorVersion
ajaxnetprofessionalle21.12.21.1
ajaxnetprofessionalle21.12.21.1

CPE	Name	Operator	Version
	ajaxnetprofessional	le	21.12.21.1
	ajaxnetprofessional	le	21.12.21.1

References

github.com/advisories/GHSA-8v6j-gc74-fmpp

github.com/michaelschwarz/Ajax.NET-Professional/commit/c89e39b9679fcb8ab6644fe21cc7e652cb615e2b

github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-8v6j-gc74-fmpp

www.nuget.org/packages/AjaxNetProfessional/