CVE-2010-2088

CVE Database · CVE-2010-2088

CVE-2010-2088

· N/AModified

CVSS v3.1

N/A

EPSS

9.00%

Published

May 27, 2010

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.

Weaknesses (CWE)

CWE-79

Affected Products (1)

microsoft · asp.netvulnerable

References (4)

http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf

Exploit

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt

Exploit

http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf

Exploit

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt

Exploit

KEV Catalog EPSS Scores Vendors All CVEs