Secunia
Login
|
|
CVE Reference: CVE-2010-1459 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2010-1459 |
|
|
Description: The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. |
|
|
CVE Status: Candidate |
|
|
References: SUSE http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html MISC http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx CONFIRM http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting BID 40351 |
|
| Return to the previous page. |
