Unrated severityNVD Advisory· Published May 27, 2010· Updated Jun 16, 2026
CVE-2010-2085
CVE-2010-2085
Description
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.
Affected products
7cpe:2.3:a:microsoft:.net_framework:1.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:microsoft:.net_framework:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.0:gold:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:*:sp3:*:*:*:*:*:*range: <=1.0
- (no CPE)range: <1.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.