Search for vulnerabilities
Vulnerability details: VCID-a68j-a2qt-tkf2
Vulnerability ID VCID-a68j-a2qt-tkf2
Aliases CVE-2010-1459
GHSA-g5c6-w479-93xm
Summary Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2010-1459
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-g5c6-w479-93xm
generic_textual MODERATE https://github.com/mono/mono
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2010-1459
generic_textual MODERATE http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx
generic_textual MODERATE http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting
generic_textual MODERATE http://www.securityfocus.com/bid/40351
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1459.json
https://api.first.org/data/v1/epss?cve=CVE-2010-1459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1459
https://github.com/mono/mono
https://nvd.nist.gov/vuln/detail/CVE-2010-1459
http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx
http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting
http://www.securityfocus.com/bid/40351
585440 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585440
598155 https://bugzilla.redhat.com/show_bug.cgi?id=598155
GHSA-g5c6-w479-93xm https://github.com/advisories/GHSA-g5c6-w479-93xm
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.60489
EPSS Score 0.0041
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:08:36.436021+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g5c6-w479-93xm/GHSA-g5c6-w479-93xm.json 37.0.0