Microsoft : Security Vulnerabilities, CVEs, Published In May 2010 (XSS)
Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
Max CVSS
4.3
EPSS Score
1.06%
Published
2010-05-27
Updated
2020-04-09
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
Max CVSS
4.3
EPSS Score
0.73%
Published
2010-05-27
Updated
2010-05-28
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.
Max CVSS
4.3
EPSS Score
0.73%
Published
2010-05-27
Updated
2010-05-28
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
Max CVSS
4.3
EPSS Score
2.49%
Published
2010-05-27
Updated
2010-05-28
4 vulnerabilities found