{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T22:21:50.524","vulnerabilities":[{"cve":{"id":"CVE-2021-43853","sourceIdentifier":"security-advisories@github.com","published":"2021-12-22T21:15:07.527","lastModified":"2024-11-21T06:29:56.070","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation when parsing json input. Releases before version 21.12.22.1 are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details."},{"lang":"es","value":"Ajax.NET Professional (AjaxPro) es un framework AJAX disponible para Microsoft ASP.NET. Las versiones afectadas de este paquete son vulnerables a una inyección de objetos de JavaScript, lo que puede resultar en una vulnerabilidad de tipo cross site scripting cuando es aprovechada por un usuario malicioso. El núcleo afectado está relacionado con la creación de objetos JavaScript cuando es analizada la entrada json. Las versiones anteriores a la 21.12.22.1 están afectadas. Se presenta una solución que reemplaza uno de los archivos JavaScript del núcleo insertado en la biblioteca. Consulte el documento GHSA-5q7q-qqw2-hjq7 para conocer los detalles de la solución"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ajax.net_professional_project:ajax.net_professional:*:*:*:*:*:*:*:*","versionEndExcluding":"21.12.22.1","matchCriteriaId":"F73C43B4-EDD4-4772-B431-D66CCE27CBBF"}]}]}],"references":[{"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/commit/c89e39b9679fcb8ab6644fe21cc7e652cb615e2b","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/releases/tag/v21.12.22.1","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-5q7q-qqw2-hjq7","source":"security-advisories@github.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/commit/c89e39b9679fcb8ab6644fe21cc7e652cb615e2b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/releases/tag/v21.12.22.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-5q7q-qqw2-hjq7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]}]}}]}