| ID |
CVE-2006-3436
|
| Summary |
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 4.3 (as of 18-10-2018 - 16:47) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
PARTIAL |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
| oval
via4
|
| accepted | 2007-08-02T14:47:15.981-04:00 | | class | vulnerability | | contributors | | name | Robert L. Hollis | | organization | ThreatGuard, Inc. |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| | definition_extensions | | comment | Microsoft .NET Framework 2.0 (Original RTM or later) is installed | | oval | oval:org.mitre.oval:def:1934 |
| | description | Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". | | family | windows | | id | oval:org.mitre.oval:def:377 | | status | accepted | | submitted | 2006-10-11T05:29:41 | | title | Microsoft .NET Framework 2.0 Cross-Site Scripting Vulnerability | | version | 28 |
|
| refmap
via4
|
| bid | 20337 | | cert-vn | VU#455604 | | hp | | | sectrack | 1017029 | | secunia | 22307 | | vupen | ADV-2006-3976 | | xf | asp-http-xss(28658) |
|
| Last major update |
18-10-2018 - 16:47 |
| Published |
10-10-2006 - 21:07 |
| Last modified |
18-10-2018 - 16:47 |
