Spoofable Cookies
Microsoft asp.net has caused spoofable cookies. It does not properly encode the data string parsed to cookie name value, allowing an attacker who can perform a secondary exploit such as an XSS vulnerability in the web site to inject the spoofed cookies if the prefixes are used...