CVE-2005-0452
ASP.NET 1.0-1.1 SP1 - Cross-Site Scripting via Unicode Fullwidth Character Conversion
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-0452. PoCs published by Andrey Rusyaev.
AI-analyzed exploit summary The exploit describes a cross-site scripting (XSS) vulnerability in ASP.NET due to improper handling of Unicode characters (U+ff00-U+ff60). An attacker can craft a malicious link with arbitrary HTML or script code to execute in a user's browser.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
Exploits (1)
The exploit describes a cross-site scripting (XSS) vulnerability in ASP.NET due to improper handling of Unicode characters (U+ff00-U+ff60). An attacker can craft a malicious link with arbitrary HTML or script code to execute in a user's browser.