Microsoft ASP.NET MVC Cross-Site Scripting (MS14-059; CVE-2014-4075)

A cross-site scripting vulnerability has been reported in ASP.NET MVC. The vulnerability is due to the way ASP.NET MVC encodes user input. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to follow a malicious link...