CVE-2010-1459

EPSS 0.41%
Published 27.05.2010 19:00:00
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Mono ≫ Mono Version1.0

Mono ≫ Mono Version1.0.1

Mono ≫ Mono Version1.0.2

Mono ≫ Mono Version1.0.4

Mono ≫ Mono Version1.0.5

Mono ≫ Mono Version1.0.6

Mono ≫ Mono Version1.1.1

Mono ≫ Mono Version1.1.2

Mono ≫ Mono Version1.1.3

Mono ≫ Mono Version1.1.4

Mono ≫ Mono Version1.1.5

Mono ≫ Mono Version1.1.6

Mono ≫ Mono Version1.1.7

Mono ≫ Mono Version1.1.8

Mono ≫ Mono Version1.1.8.1

Mono ≫ Mono Version1.1.8.3

Mono ≫ Mono Version1.1.9

Mono ≫ Mono Version1.1.9.1

Mono ≫ Mono Version1.1.9.2

Mono ≫ Mono Version1.1.10

Mono ≫ Mono Version1.1.10.1

Mono ≫ Mono Version1.1.11

Mono ≫ Mono Version1.1.12

Mono ≫ Mono Version1.1.12.1

Mono ≫ Mono Version1.1.13

Mono ≫ Mono Version1.1.13.2

Mono ≫ Mono Version1.1.13.4

Mono ≫ Mono Version1.1.13.5

Mono ≫ Mono Version1.1.13.6

Mono ≫ Mono Version1.1.13.7

Mono ≫ Mono Version1.1.13.8

Mono ≫ Mono Version1.1.13.8.1

Mono ≫ Mono Version1.1.14

Mono ≫ Mono Version1.1.15

Mono ≫ Mono Version1.1.16

Mono ≫ Mono Version1.1.16.1

Mono ≫ Mono Version1.1.17

Mono ≫ Mono Version1.1.17.1

Mono ≫ Mono Version1.1.17.2

Mono ≫ Mono Version1.1.18

Mono ≫ Mono Version1.2

Mono ≫ Mono Version1.2.1

Mono ≫ Mono Version1.2.2

Mono ≫ Mono Version1.2.2.1

Mono ≫ Mono Version1.2.3

Mono ≫ Mono Version1.2.3.1

Mono ≫ Mono Version1.2.4

Mono ≫ Mono Version1.2.5

Mono ≫ Mono Version1.2.5.1

Mono ≫ Mono Version1.2.5.2

Mono ≫ Mono Version1.2.6

Mono ≫ Mono Version1.9

Mono ≫ Mono Version1.9.1

Mono ≫ Mono Version2.0

Mono ≫ Mono Version2.0.1

Mono ≫ Mono Version2.2

Mono ≫ Mono Version2.4

Mono ≫ Mono Version2.4.2

Mono ≫ Mono Version2.4.2.1

Mono ≫ Mono Version2.4.2.2

Mono ≫ Mono Version2.4.2.3

Mono ≫ Mono Version2.4.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.41%	0.584

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx

http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting

Vendor Advisory

http://www.securityfocus.com/bid/40351

https://nvd.nist.gov/vuln/detail/CVE-2010-1459

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-1459

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-1459

EUVD