PT-2010-3698 · Microsoft · .Net Framework+1
Published 2010-05-27 · Updated 2010-05-28 · CVE-2010-2088
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft .NET versions prior to 3.5 with ASP.NET
Description
The issue is related to the improper handling of an unencrypted view state in ASP.NET, allowing remote attackers to conduct cross-site scripting (XSS) attacks. This is achieved by exploiting the VIEWSTATE parameter in the form control.
Recommendations
For Microsoft .NET versions prior to 3.5 with ASP.NET, consider encrypting the view state to prevent exploitation. As a temporary workaround, restrict access to the form control that utilizes the VIEWSTATE parameter until a proper fix is applied.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
.Net Framework
Asp.Net