Lucene search
RootSSV:19708HistoryMay 31, 2010 - 12:00 a.m.
Microsoft .NET Framework 3.5 ViewState远程跨站脚本漏洞
2010-05-3100:00:00
Root
www.seebug.org
22
0.008 Low
EPSS
Percentile
81.2%
CVE ID: CVE-2010-2088,CVE-2010-2085
.NET Framework中的ASP.NET没有正确地处理未经加密的ViewState。通常ASP.Net的ViewState存储在名为 __VIEWSTATE的隐藏字段中。如果页面的ViewState没有加密签名,就可以对多个标准.Net控件执行跨站脚本攻击。
Microsoft .NET Framework 3.5
厂商补丁:
Microsoft
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
xss.aspx?__VIEWSTATE=/wEPDwUKLTgzNDA2NzgyMA9kFgJmD2QWAgIBDxYCHglpbm5lcmh0bWwFHTxzY3JpcHQ%2BYWxlcnQoJ3hzcycpPC9zY3JpcHQ%2BZGQ=
Related
openvas
openvas
Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
2010-06-09 00:00:00
Microsoft .NET '__VIEWSTATE' Cross-Site Scripting vulnerability
2010-06-09 00:00:00
Microsoft .NET '__VIEWSTATE' Cross-Site Scripting vulnerability
2010-06-09 00:00:00
cve
cve
CVE-2010-2085
2022-10-03 16:21:07
CVE-2010-2088
2022-10-03 16:21:10
prion
prion
Cross site scripting
2010-05-27 19:00:00
Cross site scripting
2010-05-27 19:00:00
nvd
nvd
CVE-2010-2088
2010-05-27 19:00:01
CVE-2010-2085
2010-05-27 19:00:01
cvelist
cvelist
CVE-2010-2085
2022-10-03 16:21:07
CVE-2010-2088
2022-10-03 16:21:10