XSS in Microsoft Asp.net

CVE-2010-2084

Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.075 (92.0th percentile) — read the EPSS interpretation.

Affected products

Microsoft Asp.net — versions 2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (x_refsource_MISC)