CVE-2005-0452

Опубликовано: 16 фев. 2005

Источник: nvd

CVSS2: 4.3

EPSS Средний

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".

Ссылки

http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml
Vendor Advisory
http://marc.info/?l=bugtraq&m=110867912714913&w=2
http://secunia.com/advisories/14214
Vendor Advisory
http://www.securityfocus.com/bid/12574
Vendor Advisory
http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml
Vendor Advisory
http://marc.info/?l=bugtraq&m=110867912714913&w=2
http://secunia.com/advisories/14214
Vendor Advisory
http://www.securityfocus.com/bid/12574
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:asp.net:1.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:asp.net:1.0:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:asp.net:1.0:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:asp.net:1.1:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.26611

Средний

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-x884-m2m8-f8p2

github

почти 4 года назад