PT-2010-3137 · Mono · Mono

Published 2010-05-27 · Updated 2022-05-02 · CVE-2010-1459
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Mono versions prior to 2.6.4
Description: The default configuration of ASP.NET in Mono sets the EnableViewStateMac property to FALSE, so the server does not verify a MAC over the serialized view state it receives and accepts any __VIEWSTATE value a client sends back. A remote attacker can therefore get a victim to submit a crafted VIEWSTATE parameter whose deserialized control state is rendered into the page, resulting in cross-site scripting (XSS). This was demonstrated against "2.0/menu/menu1.aspx" in the XSP sample project.
Recommendations: For Mono versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. As a temporary workaround, set EnableViewStateMac to TRUE explicitly (the enableViewStateMac attribute of the pages element in Web.config, or the EnableViewStateMac attribute of the @ Page directive) so that a view state value whose MAC does not verify is rejected before it is deserialized. Until the fix is deployed, restrict access to the affected pages (such as the XSP sample project) rather than to the VIEWSTATE parameter itself, since postbacks depend on that field.
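The following is an added example, not code from this advisory or from the Mono/XSP project: a minimal Python model of the check that EnableViewStateMac turns on, showing the same forged view state accepted and rendered when the MAC is disabled and rejected when it is enabled. JSON stands in for ASP.NET's LosFormatter serialization, SERVER_KEY for the machineKey validation key, and render_menu for a hypothetical control that emits a view-state property without HTML encoding; none of these is the real Mono implementation.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical server-side secret standing in for the ASP.NET machineKey
# validation key. Constructed for this example only.
SERVER_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)
TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def encode_viewstate(state: dict, enable_mac: bool) -> str:
    """Server side: serialize page state for the hidden __VIEWSTATE field.

    JSON stands in for LosFormatter output. With the MAC enabled an HMAC
    over the serialized bytes is appended before base64 encoding.
    """
    payload = json.dumps(state, sort_keys=True).encode()
    if enable_mac:
        payload += hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.b64encode(payload).decode()


def decode_viewstate(blob: str, enable_mac: bool) -> dict:
    """Server side: restore page state from a submitted __VIEWSTATE value.

    enable_mac=False models the pre-2.6.4 Mono default: any decodable blob
    is trusted. enable_mac=True verifies the tag and rejects tampering.
    """
    raw = base64.b64decode(blob)
    if enable_mac:
        if len(raw) < TAG_LEN:
            raise ValueError("view state too short to carry a MAC")
        payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
        expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("view state MAC validation failed")
    else:
        payload = raw
    return json.loads(payload)


def render_menu(state: dict) -> str:
    """Hypothetical control that writes a view-state-held property into the
    page without HTML encoding: the XSS sink the advisory describes."""
    return '<a href="/">%s</a>' % state["label"]


def forge_viewstate(state: dict) -> str:
    """Attacker side: build a __VIEWSTATE value for a victim to submit.

    The attacker has no key, so the blob carries no valid tag; whether
    that matters depends entirely on whether the server checks it.
    """
    payload = json.dumps(state, sort_keys=True).encode()
    return base64.b64encode(payload).decode()


def handle_postback(blob: str, enable_mac: bool) -> str:
    """Server request handler: returns the rendered markup, or a rejection
    message when MAC validation fails."""
    try:
        state = decode_viewstate(blob, enable_mac)
    except ValueError as exc:
        return "rejected: %s" % exc
    return render_menu(state)


if __name__ == "__main__":
    forged = forge_viewstate({"label": "<script>alert(document.cookie)</script>"})
    print("EnableViewStateMac=false:", handle_postback(forged, False))
    print("EnableViewStateMac=true: ", handle_postback(forged, True))
    legit = encode_viewstate({"label": "Home"}, True)
    print("legitimate round trip:   ", handle_postback(legit, True))
```

The MAC does not make render_menu safe in itself; it only ensures that the state the control renders is state the server produced. Output encoding in the control remains the fix for the sink, and the MAC the fix for the untrusted input reaching it.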

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2010-1459
GHSA-G5C6-W479-93XM

Affected Products

Mono