The default configuration of ASP.NET in Microsoft .NET prior to 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft .net framework 1.0 |
||
microsoft .net framework |