VYPR
Unrated severityNVD Advisory· Published May 27, 2010· Updated Jun 16, 2026

CVE-2010-2085

CVE-2010-2085

Description

The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.

Affected products

7
  • cpe:2.3:a:microsoft:.net_framework:1.0:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:microsoft:.net_framework:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:1.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:1.0:gold:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:1.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:.net_framework:*:sp3:*:*:*:*:*:*range: <=1.0
    • (no CPE)range: <1.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.