PT-2023-31153 · Unknown · Ajax.Net Professional

Published: 2023-12-04 · Updated: 2023-12-08 · CVE-2023-49289

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Ajax.NET Professional (AjaxPro) versions prior to 21.12.22.1

Description: The issue is a Cross-Site Scripting (XSS) vulnerability. XSS occurs when an attacker uses a web application to deliver malicious script to a different end user, which is possible because the application includes user-supplied input in the output it generates without validating or encoding it. The impact of XSS ranges from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site.

Recommendations: For versions prior to 21.12.22.1, upgrade to version 21.12.22.1 or later to resolve the issue. As a temporary workaround, replace the default JavaScript code with a fixed version by using an XML configuration that points to a custom ajaxpro-core-fixed.js file, which can be created by copying and renaming the core.js file from the main project folder. Clients will need to refresh the web page to download the changed JavaScript code.

Related Identifiers

CVE-2023-49289
GHSA-8V6J-GC74-FMPP

Affected Products

Ajax.Net Professional