Lucene search
HistoryMay 27, 2010 - 7:00 p.m.
CVE-2010-2085
cve-2010-2085
asp.net
microsoft .net
enableviewstatemac
cross-site scripting
xss
nvd
5.9 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.1%
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft:.net_framework | microsoft .net framework | eq | 1.0 |
Related
openvas
openvas
Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
2010-06-09 00:00:00
Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
2010-06-09 00:00:00
prion
prion
Cross site scripting
2010-05-27 19:00:00
seebug
seebug
Microsoft .NET Framework 3.5 ViewState远程跨站脚本漏洞
2010-05-31 00:00:00
5.9 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.1%
Related for CVE-2010-2085