CVE-2010-2084

UNRATEDCross-site scripting

Description

Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.

Affected products

Microsoft / ASP.NET2.0 – 2.0

References

MISChttp://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx

Updated 46m ago · 2 sources