Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.
Software | From | Fixed in |
---|---|---|
microsoft / .net_framework | 1.0-sp3 | 1.0-sp3.x |
microsoft / .net_framework | 1.1-sp1 | 1.1-sp1.x |
microsoft / .net_framework | 2.0 | 2.0.x |