This looks like a false positive, because:

* obtaining the MS AJAX framework script is not a security vulnerability - it is a publicly available script that can also be served from the standard webresource handler
* the presence of code that contains the `true` keyword (which is a reserved word in JavaScript as well) does not prove a command was executed on the server
* the Telerik WebResource handler is supposed to combine scripts based on server settings and the fact that requesting the handler returns Telerik code is not a vulnerability by itself - this is also code that is publicly available (for example, from the Telerik CDN) and it is JavaScript code that is not generated based on the value you provided, but is always included in the response.

Nevertheless, if you believe you have found a real vulnerability in the product, please follow the official guidance from this page to contact the vendor and provide a proper reproducible: https://www.telerik.com/vulnerability-disclosure-policy

Regards,
Marin Bratanov, Telerik