CVE-2010-2085

Microsoft .net Framework < 1.0 - XSS

Title source: rule

Description

The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.

References (2)

Scores

EPSS 0.1186
EPSS Percentile 93.6%

Classification

CWE
CWE-79
Status published

Affected Products (7)

microsoft/.net_framework < 1.0
microsoft/.net_framework
microsoft/.net_framework
microsoft/.net_framework
microsoft/.net_framework
microsoft/.net_framework
n/a/n/a

Timeline

Published May 27, 2010
Tracked Since Feb 18, 2026