{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-04-29T00:00:00", "descriptions": [{"lang": "en", "value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-06-23T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"}, {"tags": ["x_refsource_MISC"], "url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"}, {"name": "SUSE-SR:2010:013", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "40351", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/40351"}, {"name": "SUSE-SR:2010:012", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1459", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting", "refsource": "CONFIRM", "url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"}, {"name": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx", "refsource": "MISC", "url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"}, {"name": "SUSE-SR:2010:013", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "40351", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40351"}, {"name": "SUSE-SR:2010:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"}, {"name": "SUSE-SR:2010:014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:28:40.693Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"}, {"name": "SUSE-SR:2010:013", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "40351", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/40351"}, {"name": "SUSE-SR:2010:012", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1459", "datePublished": "2010-05-27T18:32:00", "dateReserved": "2010-04-16T00:00:00", "dateUpdated": "2024-08-07T01:28:40.693Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B31A3175-7CC6-4367-9A3C-F3324156C818", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3309DF2-A3A7-4016-95D9-ABB4230083FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "098D040B-CD80-41A6-A3DF-06C379BCABA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "293D8EF8-8A6B-4EBE-B145-C909ADBE32E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBB77289-2AED-4BD4-9578-FEB0EC83701E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CA1D2C56-70EA-48F4-A3B3-1080DF8ABC5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7E03067-D1B7-427A-8800-A40DDAF466FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "23B3DD31-D316-422F-A3E4-9C7D85E0F26C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "42E75C91-A3D2-479B-9F3F-B97BC75A5B57", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "A4299404-6C79-4B21-BB8C-115FA1E3AC28", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "944E7E22-41CA-4E2D-B31A-E602B41C34A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D9F638AC-EBDC-4886-B798-42D12557573A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "FE6384D7-7899-4D7F-B478-BDEDDA415054", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D7DEAABB-265B-45B3-8A87-86EB5CCEAE5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E1B76E4-C12D-4BC6-8745-1AB5C5F32B53", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "919CAD10-2F17-4F94-8116-815E77F5E998", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "2F79FC32-28BB-44F7-AA6E-E15B24692483", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0546335-1EEF-4946-8B94-69F91697D511", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D24AC82-5BCE-4D9F-8DF1-24BE6C255553", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F1A85E81-0778-46B1-A932-C14B6DC08A68", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "82CA587E-7272-4C7C-90D3-D0CCBAA76348", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "30593717-0C0E-4F05-8690-4A47CA724C20", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "723D4817-BB5F-4D65-9258-B0E2992F2738", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "A986CA3E-05A4-4D42-86E4-A7AA3A20298B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "19877D33-5DBF-40D7-87CB-545558C64771", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "29CFCD33-C188-409F-B07A-1F1A064894DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "F64E7267-E010-4FC8-879A-448C85BC250B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "DC4D32E8-B90B-432D-B6A3-5F9DDEECC206", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "683F75A5-E4E4-4416-8E1C-A2C694A30BA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "EBE3CDD7-8553-4CB7-A0A7-B059B4D75B0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "2E7AE533-E1E8-494F-BE86-0BFDF30AD3B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "0BB26E71-AC67-4B9E-BDAE-835DA8C2C443", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C9252266-4293-49E3-9492-67F4AF80335B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "2D22A05F-650E-484D-9F78-8C821EA103E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "0034178B-13CC-43A0-BBBA-988EC558DA5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "5014D928-E0E3-4B75-B4B8-44D193446505", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "DE2C11F2-2A21-481E-8350-F3777A0A8033", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "EFC21FA7-648F-4E41-962B-664140FA4812", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "9788C5D4-ECD7-4F2E-BE0F-F4FFE626A3A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9FF02E9-070C-4AAA-ABB7-26FC9E56C7A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA4FE4B4-7514-460F-AD14-40184115092A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2AA11C84-3102-429E-951A-698CE023FDB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6003FD8-B371-44AE-B565-6205F68117A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE1FD98F-ED5D-4247-BC79-1FABC1684557", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "87E41880-769F-499E-AFB3-62B78AB765F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F5558CC-9D71-472C-B9B5-20481A333AC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0895ECCA-B8B3-46BD-9ADE-258AAF205D90", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F3AB679-5630-4F0B-9DF7-D64AFA970D44", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC72C972-FF09-4A5D-9AD4-A422EDADF5AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "28E60798-6722-4B4F-B06E-7C1E1FDF92EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "66E14236-3F37-4047-A3EF-32E9923C35FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "18C24C8F-0967-4C1B-8F19-696707C2064B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D28CEA5-CA8A-4830-A134-1589AD98B334", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4BB536F-79EB-42AF-B17B-49BE47CFC215", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE2CA7F0-C5ED-450D-BAEE-300E27AAD13D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A08F0EFF-9F4D-4DD3-BD55-71F34B70648B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "A12EEE2B-E956-4889-9C55-F23968C17E7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E59557D-42A7-4189-97DD-45F31DC1AB6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA6DFB1E-1DBD-459C-95FE-841253F4F6A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E95734E0-1349-4C3C-9557-ADEEA1014C38", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "BFBAA1F5-522B-4357-B9E8-FC15053C75A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mono:mono:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "B25BDA5E-E1AB-4C9A-A53B-B8863F2A2A40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto de ASP.NET de Mono anterior a v2.6.4 tiene valor FALSE en la propiedad EnableViewStateMac, esto permite a atacantes remotos provocar un ataque de secuencias de comandos en sitios cruzados (XSS), como se ha demostrado con el par\u00e1metro \r\n__VIEWSTATE en 2.0/menu/menu1.aspx en el XSP sample project."}], "id": "CVE-2010-1459", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-05-27T19:00:00.953", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/40351"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/40351"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Mono: View State Cross-Site Scripting", "id": "598155", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598155"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."], "name": "CVE-2010-1459", "public_date": "2010-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-1459"], "threat_severity": "Moderate"}

{}