CVSS: 7.5EPSS: 0%CPEs: 101EXPL: 0CVE-2017-0249
https://notcve.org/view.php?id=CVE-2017-0249
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Existe una vulnerabilidad de elevación de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web. • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 12%CPEs: 5EXPL: 0CVE-2014-4075
https://notcve.org/view.php?id=CVE-2014-4075
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability." Vulnerabilidad de XSS en System.Web.Mvc.dll en Microsoft ASP.NET Model View Controller (MVC) 2.0 hasta 5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una página web manipulada, también conocido como 'vulnerabilidad de XSS de MVC.' • http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx http://secunia.com/advisories/60971 http://www.securityfocus.com/bid/70352 http://www.securitytracker.com/id/1031023 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 75%CPEs: 6EXPL: 0CVE-2013-5042
https://notcve.org/view.php?id=CVE-2013-5042
Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability." Vulnerabilidad de XSS en Microsoft ASP.NET SignalR 1.1.x anterior a la versión 1.1.4 y 2.0.x anterior a 2.0.1, y Visual Studio Team Foundation Server 2013, permite a atacantes remotos inyectar script web arbitrario o HTML a través del protocolo de transporte de datos Forever Frame manipulado, también conocido como "Vulnerabilidad de XSS en SingnalR". • http://www.securitytracker.com/id/1029463 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-103 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2084
https://notcve.org/view.php?id=CVE-2010-2084
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute. Microsoft ASP.NET v2.0 no previene fijar la propiedad InnerHtml en un control que hereda de HtmlContainerControl, lo que permite a atacantes remotos conducir un ataque de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de vectores relativos a un atributo. • http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2010-2088
https://notcve.org/view.php?id=CVE-2010-2088
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter. ASP.NET en Microsoft .NET 3.5 no maneja de forma adecuada el estado de vista no cifrada, lo que permite a atacantes remotos a producir un ataque de ejecución de secuencias de comandos en sitios cruzados (XSS) mediante el formulario de control a través del parámetro __VIEWSTATE. • http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •