Andrey Rusyaev

**Name of the Vulnerable Software and Affected Versions** Mono version 1.0.5 **Description** The issue allows remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". This is due to multiple cross-site scripting (XSS) vulnerabilities in the Mono implementation of ASP.NET. **Recommendations** For Mono version 1.0.5, consider disabling the use of Unicode representations for ASCII fullwidth characters until a patch is available. Restrict input validation to prevent the injection of arbitrary HTML or web script.

**Name of the Vulnerable Software and Affected Versions** Microsoft ASP.NET (.Net) versions 1.0 and 1.1 to SP1 **Description** The issue allows remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". **Recommendations** For Microsoft ASP.NET (.Net) versions 1.0 and 1.1 to SP1, consider implementing input validation and sanitization to prevent the injection of malicious scripts. As a temporary workaround, restrict the use of Unicode representations for ASCII fullwidth characters in user input until a patch is available.