CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-7192

Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.198

EPSS Ranking 95.2%

CVSS Severity

CVSS v2 Score 4.3

References

http://osvdb.org/35269
http://securityreason.com/securityalert/2530
http://www.cpni.gov.uk/docs/re-20061020-00710.pdf
http://www.procheckup.com/Vulner_PR0703.php
http://www.securityfocus.com/archive/1/464796/100/0/threaded
http://www.securityfocus.com/bid/20753
http://osvdb.org/35269
http://securityreason.com/securityalert/2530
http://www.cpni.gov.uk/docs/re-20061020-00710.pdf
http://www.procheckup.com/Vulner_PR0703.php
http://www.securityfocus.com/archive/1/464796/100/0/threaded
http://www.securityfocus.com/bid/20753

Products affected by CVE-2006-7192

Microsoft » .net Framework » Version: 2.0

cpe:2.3:a:microsoft:.net_framework:2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-7192

Products

Pricing

Contact Us