CVE-2006-3436 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2006-3436
Status Candidate
Description Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
Severity High
CVSS score 7
CVSS vector (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Phase Assigned (07.07.2006)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3436
References BID : 20337
CERT-VN : VU#455604
FRSIRT : ADV-2006-3976
HP : HPSBST02161
HP : SSRT061264
MS : MS06-056
OVAL : oval:org.mitre.oval:def:377
SECTRACK : 1017029
SECUNIA : 22307
XF : asp-http-xss(28658)

test server