Unrated severityNVD Advisory· Published Mar 14, 2005· Updated Apr 16, 2026

CVE-2005-0509

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".

Affected products

Microsoft/.net Framework5 versions
cpe:2.3:a:microsoft:.net_framework:1.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:microsoft:.net_framework:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
Mono/Mono
cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/14325nvdPatchVendor Advisory
it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xmlnvd
marc.infonvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000