PT-2024-19040 · Ernest Marcinko · Ajax Search Lite

Le Ngoc Anh

Published

2024-02-28

Updated

2025-03-18

CVE-2024-21752

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Ernest Marcinko Ajax Search Lite versions through 4.11.4

Description The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Reflected XSS.

Recommendations For versions through 4.11.4, update to a version later than 4.11.4 to resolve the issue. At the moment, there is no information about other mitigation measures for this issue.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2024-21752

Affected Products

Ajax Search Lite

PT-2024-19040 · Ernest Marcinko · Ajax Search Lite

CVE-2024-21752

Weakness Enumeration

Related Identifiers

Affected Products

References · 5