CVE-2006-3436

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework version 2.0

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving ASP.NET controls that set the AutoPostBack property to true. This could enable an attacker to spoof content, disclose information, or take any action that the user could take on the affected web site. Exploitation of this issue requires user interaction.

Recommendations For Microsoft .NET Framework version 2.0, consider disabling ASP.NET controls that set the AutoPostBack property to true as a temporary workaround until a patch is available. Restrict access to sensitive areas of the web site to minimize the risk of exploitation. Avoid using the AutoPostBack property in ASP.NET controls until the issue is resolved.