Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote malicious users to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft .net_framework 2.0 |
||
microsoft .net_framework 1.1 |
||
microsoft .net_framework 1.0 |