CVE-2021-43853

Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation when parsing json input. Releases before version 21.12.22.1 are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details.

Summary:

Reference Links(if available):

https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-5q7q-qqw2-hjq7

https://github.com/michaelschwarz/Ajax.NET-Professional/commit/c89e39b9679fcb8ab6644fe21cc7e652cb615e2b

https://github.com/michaelschwarz/Ajax.NET-Professional/releases/tag/v21.12.22.1

CVSS Score (if available)

v2: / MEDIUM

v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Links to Exploits(if available)

Tags: #threatintel #security #osint, CONFIRM, CVE, CVE-2021-43853, vulnerability

CVE-2021-43853

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

CISA: CISA and Partners Release Advisory on Akira Ransomware

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

CISA: CISA and Partners Release Advisory on Akira Ransomware

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: Oracle Releases Critical Patch Update Advisory for April 2024