CVE-2023-49289

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-49289

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49289.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-49289

Aliases

GHSA-8v6j-gc74-fmpp

Published

2023-12-04T23:53:08.245Z

Modified

2026-02-15T03:15:06.902927Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Summary

Cross-site Scripting in Ajax.NET Professional

Details

Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected versions of this package are vulnerable cross site scripting attacks. Releases before version 21.12.22.1 are affected. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49289.json"
}

References

Affected packages

Git / github.com/michaelschwarz/ajax.net-professional

Affected ranges

Type: GIT
Repo: https://github.com/michaelschwarz/ajax.net-professional
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

08ca42ef66dc70c9aa9f276dfc7cff78bdb9bbdf

Affected versions

v21.*

v21.10.30.1

v21.11.22.1

v21.11.29.1

v21.12.21.1

v21.12.8.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49289.json"