Browse all 6 CVE security advisories affecting Ajax30. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ajax30 is a web application framework primarily used for building dynamic, interactive user interfaces with minimal server-side processing. Historically, it has been associated with vulnerabilities including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, often stemming from improper input validation and insecure direct object references. The framework's client-side processing model has made it susceptible to DOM-based XSS and prototype pollution attacks. While no major public security incidents have been widely documented, its CVE history reflects ongoing challenges in secure implementation, particularly when developers fail to sanitize user inputs or implement proper access controls.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41576 | Ajax30/BraveCMS-2.0: Stored HTML Injection in Contact Email via nl2br() and Unescaped Blade Template — BraveCMS-2.0, CWE-79 | 7.1 | High | 2026-05-08 |
| CVE-2026-41524 | Ajax30/BraveCMS-2.0: Stored XSS in Page / Article Content — BraveCMS-2.0, CWE-79 | 8.7 | High | 2026-05-08 |
| CVE-2026-35183 | Brave CMS has an Insecure Direct Object Reference in Article Image Deletion — BraveCMS-2.0, CWE-639 | 7.1 | High | 2026-04-06 |
| CVE-2026-35182 | Missing Authorization Privilege Escalation — BraveCMS-2.0, CWE-862 | 8.8 | High | 2026-04-06 |
| CVE-2026-35164 | Brave CMS Affected by Unrestricted File Upload via CKEditor Endpoint — BraveCMS-2.0, CWE-434 | 8.8 | High | 2026-04-06 |
| CVE-2026-35047 | Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint — BraveCMS-2.0, CWE-434 | 9.8 (AI) | Critical (AI) | 2026-04-06 |
This page lists every published CVE security advisory associated with Ajax30. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.