PT-2010-3698 · Microsoft · .Net Framework+1

Published: 2010-05-27 · Updated: 2010-05-28 · CVE-2010-2088

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft .NET versions prior to 3.5 with ASP.NET

Description: The issue is related to the improper handling of an unencrypted view state in ASP.NET, allowing remote attackers to conduct cross-site scripting (XSS) attacks. This is achieved by exploiting the VIEWSTATE parameter in the form control.

Recommendations: For Microsoft .NET versions prior to 3.5 with ASP.NET, consider encrypting the view state to prevent exploitation. As a temporary workaround, restrict access to the form control that utilizes the VIEWSTATE parameter until a proper fix is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2010-2088

Affected products

.Net Framework
Asp.Net