{"url":"http://public2.vulnerablecode.io/api/packages/18209?format=json","purl":"pkg:nuget/AjaxNetProfessional@21.11.29","type":"nuget","namespace":"","name":"AjaxNetProfessional","version":"21.11.29","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"21.12.22.1","latest_non_vulnerable_version":"21.12.22.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207050?format=json","vulnerability_id":"VCID-5je1-8r8r-k7b4","summary":"AjaxNetProfessional deserializes arbitrary JavaScript objects","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43853","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.4721","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43853"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional/releases/tag/v21.12.22.1","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/releases/tag/v21.12.22.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43853","reference_id":"CVE-2021-43853","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43853"},{"reference_url":"https://github.com/advisories/GHSA-5q7q-qqw2-hjq7","reference_id":"GHSA-5q7q-qqw2-hjq7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5q7q-qqw2-hjq7"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-5q7q-qqw2-hjq7","reference_id":"GHSA-5q7q-qqw2-hjq7","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-5q7q-qqw2-hjq7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18430?format=json","purl":"pkg:nuget/AjaxNetProfessional@21.12.22.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/AjaxNetProfessional@21.12.22.1"}],"aliases":["CVE-2021-43853","GHSA-5q7q-qqw2-hjq7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5je1-8r8r-k7b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133111?format=json","vulnerability_id":"VCID-crzb-xjfb-7qd9","summary":"Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected versions of this package are vulnerable cross site scripting attacks. Releases before version 21.12.22.1 are affected. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49289","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57694","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49289"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49289","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49289"},{"reference_url":"https://www.nuget.org/packages/AjaxNetProfessional","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.nuget.org/packages/AjaxNetProfessional"},{"reference_url":"https://www.nuget.org/packages/AjaxNetProfessional/","reference_id":"AjaxNetProfessional","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:22Z/"}],"url":"https://www.nuget.org/packages/AjaxNetProfessional/"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional/commit/c89e39b9679fcb8ab6644fe21cc7e652cb615e2b","reference_id":"c89e39b9679fcb8ab6644fe21cc7e652cb615e2b","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:22Z/"}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/commit/c89e39b9679fcb8ab6644fe21cc7e652cb615e2b"},{"reference_url":"https://github.com/advisories/GHSA-8v6j-gc74-fmpp","reference_id":"GHSA-8v6j-gc74-fmpp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8v6j-gc74-fmpp"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-8v6j-gc74-fmpp","reference_id":"GHSA-8v6j-gc74-fmpp","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:22Z/"}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-8v6j-gc74-fmpp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18430?format=json","purl":"pkg:nuget/AjaxNetProfessional@21.12.22.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/AjaxNetProfessional@21.12.22.1"}],"aliases":["CVE-2023-49289","GHSA-8v6j-gc74-fmpp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-crzb-xjfb-7qd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206988?format=json","vulnerability_id":"VCID-uh5t-waas-m3cm","summary":"Duplicate Advisory: Remote Code Execution in AjaxNetProfessional","references":[{"reference_url":"http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57"},{"reference_url":"https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23758","reference_id":"CVE-2021-23758","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23758"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-6r7c-6w96-8pvw","reference_id":"GHSA-6r7c-6w96-8pvw","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-6r7c-6w96-8pvw"},{"reference_url":"https://github.com/advisories/GHSA-74r6-grj9-8rq6","reference_id":"GHSA-74r6-grj9-8rq6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-74r6-grj9-8rq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18210?format=json","purl":"pkg:nuget/AjaxNetProfessional@21.11.29.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/AjaxNetProfessional@21.11.29.1"},{"url":"http://public2.vulnerablecode.io/api/packages/529840?format=json","purl":"pkg:nuget/AjaxNetProfessional@21.12.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5je1-8r8r-k7b4"},{"vulnerability":"VCID-crzb-xjfb-7qd9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/AjaxNetProfessional@21.12.8.1"}],"aliases":["GHSA-74r6-grj9-8rq6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uh5t-waas-m3cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206804?format=json","vulnerability_id":"VCID-zr29-7c8j-67hd","summary":"Remote Code Execution in AjaxNetProfessional","references":[{"reference_url":"http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23758","reference_id":"","reference_type":"","scores":[{"value":"0.87776","scoring_system":"epss","scoring_elements":"0.9949","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23758"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57"},{"reference_url":"https://security.snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23758","reference_id":"CVE-2021-23758","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23758"},{"reference_url":"https://github.com/advisories/GHSA-6r7c-6w96-8pvw","reference_id":"GHSA-6r7c-6w96-8pvw","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r7c-6w96-8pvw"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-6r7c-6w96-8pvw","reference_id":"GHSA-6r7c-6w96-8pvw","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-6r7c-6w96-8pvw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18210?format=json","purl":"pkg:nuget/AjaxNetProfessional@21.11.29.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/AjaxNetProfessional@21.11.29.1"}],"aliases":["CVE-2021-23758","GHSA-6r7c-6w96-8pvw","GMS-2021-78"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zr29-7c8j-67hd"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/AjaxNetProfessional@21.11.29"}