jvndb - jvndb-2011-000051

jvndb-2011-000051

Vulnerability from jvndb

Published

2011-07-15 16:32

Modified

2011-07-15 16:32

Severity ?

() - -

Summary

ASP.NET vulnerable to cross-site scripting

Details

ASP.NET may create web applications for mobile devices that contain a cross-site scripting vulnerability. ASP.NET contains an issue in the handling of session ID's in mobile devices. When "Mobile Controls" are used in ASP.NET to develop web applications for mobile devices, the application may contain a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN87908726/index.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Microsoft Corporation	Microsoft .NET Framework

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000051.html",
  "dc:date": "2011-07-15T16:32+09:00",
  "dcterms:issued": "2011-07-15T16:32+09:00",
  "dcterms:modified": "2011-07-15T16:32+09:00",
  "description": "ASP.NET may create web applications for mobile devices that contain a cross-site scripting vulnerability.\r\n\r\nASP.NET contains an issue in the handling of session ID\u0027s in mobile devices. When \"Mobile Controls\" are used in ASP.NET to develop web applications for mobile devices, the application may contain a cross-site scripting vulnerability.\r\n\r\nKeigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000051.html",
  "sec:cpe": {
    "#text": "cpe:/a:microsoft:.net_framework",
    "@product": "Microsoft .NET Framework",
    "@vendor": "Microsoft Corporation",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-000051",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN87908726/index.html",
      "@id": "JVN#87908726",
      "@source": "JVN"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "ASP.NET vulnerable to cross-site scripting"
}

Action not permitted

jvndb-2011-000051

Vulnerability from jvndb

Tags