Unrated severityNVD Advisory· Published Aug 27, 2008· Updated Jun 16, 2026
CVE-2008-3842
CVE-2008-3842
Description
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.
Affected products
5cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:2.0:*:*:*:*:*:*:*
- (no CPE)range: without MS07-040 update
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.