Description

Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.

Related CPE's

a

microsoft

.net_framework

2.0

Vulnerable

References

http://osvdb.org/35269

http://securityreason.com/securityalert/2530

http://www.cpni.gov.uk/docs/re-20061020-00710.pdf

http://www.procheckup.com/Vulner_PR0703.php

PatchVendor Advisory

http://www.securityfocus.com/archive/1/464796/100/0/threaded

http://www.securityfocus.com/bid/20753

Weaknesses

[email protected]

Primary
NVD-CWE-Other

CVSS impact metrics

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2007-04-10T22:19:00.000

17 years ago

Last modified

2018-10-16T16:29:43.460

5 years ago