Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Asynchronous Javascript allows hackers to inject malicious code through user input
CVE-2025-68846
Summary
A security flaw in Asynchronous Javascript versions 1.3.5 and earlier allows hackers to inject malicious code into a web page through user input, potentially stealing sensitive information or taking control of a user's session. This means that if a user visits a malicious website that uses the vulnerable version of Asynchronous Javascript, they may be at risk. Update to the latest version of Asynchronous Javascript to fix this issue.
Original title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue af...
Original description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through <= 1.3.5.
nvd CVSS3.1
7.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026