2 matches found
CVE-2010-2085
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks via the VIEWSTATE parameter...
CVE-2010-2085
CVE-2010-2085 affects Microsoft .NET / ASP.NET prior to 1.1, where the default EnableViewStateMac is FALSE, allowing remote attackers to perform cross-site scripting via the __VIEWSTATE parameter. This is corroborated by multiple connected sources (Red Hat advisory, OpenVAS entry, and OpenVAS/SSV...