Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-Site Scripting in AjaxNetProfessional
Vulnerability Description
Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation when parsing json input. Releases before version 21.12.22.1 are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Ajax.NET Professional 代码问题漏洞
Vulnerability Description
Ajax.NET Professional是最早可用于 Microsoft ASP.NET 的 AJAX 框架之一。 Ajax.NET Professional 存在跨站脚本漏洞,该漏洞源于软件缺少对于用户提交JavaScript对象的过滤和转义,很容易受到JavaScript对象注入的攻击,当恶意用户利用时,可能会导致跨站点脚本编写。受影响的核心与解析json输入时创建JavaScript对象有关。
CVSS Information
N/A
Vulnerability Type
N/A