Description
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Andrey Rusyaev · textwebappsasp
https://www.exploit-db.com/exploits/25110
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110867912714913&w=2
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14214
Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12574
Vendor Advisory x_refsource_misc
http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml
Scores
EPSS
0.2661
EPSS Percentile
96.4%
Details
Status
published
Products (2)
microsoft/asp.net
1.0 (3 CPE variants)
microsoft/asp.net
1.1 (2 CPE variants)
Published
Feb 16, 2005
Tracked Since
Feb 18, 2026