Asp.net Model View Controller
by Microsoft
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0247 | Hig | 0.50 | 7.5 | 0.17 | May 12, 2017 | A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc… | ||
| CVE-2017-0249 | Hig | 0.48 | 7.3 | 0.04 | May 12, 2017 | An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | ||
| CVE-2017-0256 | Med | 0.35 | 5.3 | 0.04 | May 12, 2017 | A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | ||
| CVE-2014-4075 | 0.02 | — | 0.20 | Oct 15, 2014 | Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability." |
- risk 0.50cvss 7.5epss 0.17
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc…
- risk 0.48cvss 7.3epss 0.04
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
- risk 0.35cvss 5.3epss 0.04
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
- CVE-2014-4075Oct 15, 2014risk 0.02cvss —epss 0.20
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."