Vulnerabilities > CVE-2021-43853 - Deserialization of Untrusted Data vulnerability in Ajax.Net Professional Project Ajax.Net Professional

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

ajax-net-professional-project

CWE-502

NVD

Published: 2021-12-22

Updated: 2022-08-09

Summary

Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation when parsing json input. Releases before version 21.12.22.1 are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details.

Vulnerable Configurations

Part	Description	Count
Application	Ajax.Net_Professional_Project Ajax.Net Professional Project Ajax.Net Professional *	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References