Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote malicious users to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft .net_framework 1.0 |
||
microsoft .net_framework 1.1 |
||
microsoft .net_framework 2.0 |