CVE-2023-49289

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 5, 2023

Updated: Dec 8, 2023

CWE ID 79

Summary

CVE-2023-49289: Ajax.NET Professional (AjaxPro), an AJAX framework for Microsoft ASP.NET, contains a cross-site scripting (XSS) vulnerability. This issue affects versions of AjaxPro prior to 21.12.22.1 and can be exploited to inject malicious scripts into web pages. Affected websites may expose user data and allow attackers to carry out various actions on behalf of the victim. Users are strongly advised to upgrade to the latest version of AjaxPro to mitigate this threat. No known workarounds exist for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tjIDvw
https://www.cve.org/CVERecord?id=CVE-2023-49289
https://nvd.nist.gov/vuln/detail/CVE-2023-49289

Back to Vulnerability Database

CVE-2023-49289

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations