CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-3842

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.199

EPSS Ranking 95.1%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2008-3842

Microsoft » .net Framework » Version: 1.0

cpe:2.3:a:microsoft:.net_framework:1.0
Microsoft » .net Framework » Version: 1.1

cpe:2.3:a:microsoft:.net_framework:1.1
Microsoft » .net Framework » Version: 2.0

cpe:2.3:a:microsoft:.net_framework:2.0
Microsoft » Windows-Nt » Version: 2003

cpe:2.3:o:microsoft:windows-nt:2003
Microsoft » Windows-Nt » Version: 2008

cpe:2.3:o:microsoft:windows-nt:2008
Microsoft » Windows-Nt » Version: xp

cpe:2.3:o:microsoft:windows-nt:xp
Microsoft » Windows 2000 » Version: N/A

cpe:2.3:o:microsoft:windows_2000:-
Microsoft » Windows Vista » Version: N/A

cpe:2.3:o:microsoft:windows_vista:-
Microsoft » Windows Xp » Version: N/A

cpe:2.3:o:microsoft:windows_xp:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-3842

Products

Pricing

Contact Us