CVE-2010-2088

ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:asp.net:3.5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-05-27 19:00

Updated : 2024-02-04 17:54


NVD link : CVE-2010-2088

Mitre link : CVE-2010-2088

CVE.ORG link : CVE-2010-2088


JSON object : View

Products Affected

microsoft

  • asp.net
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')