Vulnerability Description
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Asp.Net | 2.0 |
Related Weaknesses (CWE)
References
- http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/
- http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/
FAQ
What is CVE-2010-2084?
CVE-2010-2084 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks ...
How severe is CVE-2010-2084?
CVE-2010-2084 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2084?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Asp.Net.