The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| mono(NuGet) | 0 | 2.6.4 | N/A |
CVSS Metrics
