Cross-Site Scripting Vulnerabilities in ASP.NET by Mono
CVE-2005-0509

Currently unrated

Key Information:

Vendor: Microsoft
Status: .net Framework; Mono
Vendor: CVE Published:; 14 March 2005

What is CVE-2005-0509?

The Mono 1.0.5 implementation of ASP.NET is susceptible to multiple cross-site scripting vulnerabilities. These flaws can be exploited by remote attackers to inject malicious HTML or JavaScript through specific Unicode representations for ASCII fullwidth characters. When these characters are processed, they are converted into standard ASCII characters, allowing potential execution of arbitrary scripts that could compromise user data and site integrity.

References

http://marc.info/?l=bugtraq&m=110867912714913&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/14325

third-party-advisoryx_refsource_SECUNIA

http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml

x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 14, 2005
Vulnerability Reserved
Feb 22, 2005

Microsoft

What is CVE-2005-0509?

References

EPSS Score

Timeline