Microsoft » .net Framework : Security Vulnerabilities, CVEs, Published In 2008
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.
Max CVSS
4.3
EPSS Score
40.37%
Published
2008-08-27
Updated
2018-10-11
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.
Max CVSS
4.3
EPSS Score
39.76%
Published
2008-08-27
Updated
2018-10-30
The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
Max CVSS
10.0
EPSS Score
0.16%
Published
2008-11-17
Updated
2018-10-11
3 vulnerabilities found