CVE-2015-6099

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 4 through 4.6

Description The issue is related to a cross-site scripting (XSS) vulnerability in ASP.NET, which allows remote attackers to inject arbitrary web script or HTML via a crafted value. This vulnerability exists due to inadequate protection of the web page structure. An attacker could exploit this vulnerability to inject client-side script into a user's browser, potentially modifying or spoofing content, conducting phishing activities, disclosing information, or performing actions on the vulnerable website that the target user has permission to perform. User interaction is required to exploit this vulnerability.

Recommendations For Microsoft .NET Framework versions 4 through 4.6, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.