Vulnerability Information:

Description: Post-Auth Unsafe Deserialization on BasePage (AJAX)

Severity: Critical (CVE-2021-21247)

Affected Versions: <4.0.2

Patched Version: 4.0.3

Impact: The application's registers an AJAX event listener ( ) in all pages except the login page. This listener decodes and deserializes the query parameter, making it susceptible to unsafe deserialization attacks.

Exploit Example: By submitting a POST request with a crafted parameter, an attacker can exploit this vulnerability.

Patches: The issue was fixed in version 4.0.3 by encrypting the serialization payload with secrets only known to the server.

Credits: This issue was discovered by .
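The mitigation described under Patches, shown as an added example (not the project's own code): a serialized payload is sealed with a key that never leaves the server, so a client-modified value is rejected before any deserialization runs. The use of Java, the class name `SealedPayloadDemo`, the choice of AES-GCM and the `iv || ciphertext` token layout are assumptions; the page does not state which cipher the patch uses.

```java
import java.io.*;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SealedPayloadDemo {               // hypothetical class, for illustration only
    private final SecretKey key;               // generated on the server, never sent to clients

    SealedPayloadDemo() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        key = kg.generateKey();
    }

    // Serialize, then encrypt with AES-GCM. Token = base64url(iv || ciphertext+tag).
    String seal(Serializable value) throws IOException, GeneralSecurityException {
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(plain)) { oos.writeObject(value); }
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);      // fresh nonce for every token
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.toByteArray());
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Decrypt and verify the GCM tag first; readObject() only sees bytes the server produced.
    Object open(String token) throws IOException, GeneralSecurityException, ClassNotFoundException {
        byte[] in = Base64.getUrlDecoder().decode(token);
        if (in.length < 12 + 16) throw new GeneralSecurityException("payload too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        byte[] plain = c.doFinal(in, 12, in.length - 12);  // AEADBadTagException if modified
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(plain))) {
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        SealedPayloadDemo server = new SealedPayloadDemo();
        String token = server.seal("constructed sample value");
        System.out.println("round trip: " + server.open(token));
        byte[] raw = Base64.getUrlDecoder().decode(token);
        raw[raw.length - 1] ^= 1;              // constructed tampering: one flipped bit
        String tampered = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        try { server.open(tampered); } catch (GeneralSecurityException e) {
            System.out.println("rejected before deserialization: " + e.getClass().getSimpleName());
        }
    }
}
```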