CVE-2005-0452 - Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 a

CVE-2005-0452

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".

References

Vulnerable Configurations

cpe:2.3:a:microsoft:asp.net:1.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net:1.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net:1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net:1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net:1.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net:1.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net:1.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net:1.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2016 - 03:11)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	12574
bugtraq	20050217 XSS vulnerabilty in ASP.Net [with details]
misc	http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml
secunia	14214

Last major update

18-10-2016 - 03:11

Published

16-02-2005 - 05:00

Last modified

18-10-2016 - 03:11