Jaswinder Hayre

**Name of the Vulnerable Software and Affected Versions** Microsoft .NET Framework version 2.0 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving ASP.NET controls that set the `AutoPostBack` property to true. This could enable an attacker to spoof content, disclose information, or take any action that the user could take on the affected web site. Exploitation of this issue requires user interaction. **Recommendations** For Microsoft .NET Framework version 2.0, consider disabling ASP.NET controls that set the `AutoPostBack` property to true as a temporary workaround until a patch is available. Restrict access to sensitive areas of the web site to minimize the risk of exploitation. Avoid using the `AutoPostBack` property in ASP.NET controls until the issue is resolved.