Published: 16/02/2005 Updated: 18/10/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote malicious users to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft asp.net 1.0
microsoft asp.net 1.1

source: wwwsecurityfocuscom/bid/12574/info It is reported that ASPNET is prone to various cross-site scripting attacks These issues when ASPNET converts Unicode characters ranging from U+ff00-U+ff60 to ASCII Apparently, the application fails to properly validate Unicode characters allowing an attacker to craft a malicious link contai ...

Security research reports

Original security research reports CVE-2005-0452 Original report EN: XSS vulnerability in ASPNET Original report RU: XSS уязвимость в ASPNET CVE-2005-0452 seclistsorg/bugtraq/2005/Feb/320 Microsoft ASPNET 10/11 Unicode Converter security check for standard

NVD-CWE-Other http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml http://www.securityfocus.com/bid/12574 http://secunia.com/advisories/14214 http://marc.info/?l=bugtraq&m=110867912714913&w=2 https://nvd.nist.gov https://github.com/AndreyRusyaev/secreports https://www.exploit-db.com/exploits/25110/

CVE-2005-0452

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect