ID CVE-2006-3436
Summary Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:.net_framework:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:2.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 18-10-2018 - 16:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
oval via4
accepted 2007-08-02T14:47:15.981-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Jonathan Baker
    organization The MITRE Corporation
definition_extensions
comment Microsoft .NET Framework 2.0 (Original RTM or later) is installed
oval oval:org.mitre.oval:def:1934
description Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
family windows
id oval:org.mitre.oval:def:377
status accepted
submitted 2006-10-11T05:29:41
title Microsoft .NET Framework 2.0 Cross-Site Scripting Vulnerability
version 28
refmap via4
bid 20337
cert-vn VU#455604
hp
  • HPSBST02161
  • SSRT061264
sectrack 1017029
secunia 22307
vupen ADV-2006-3976
xf asp-http-xss(28658)
Last major update 18-10-2018 - 16:47
Published 10-10-2006 - 21:07
Last modified 18-10-2018 - 16:47
Back to Top