VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-a68j-a2qt-tkf2

Essentials
Severities (36)
References (14)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-a68j-a2qt-tkf2
Aliases	CVE-2010-1459 GHSA-g5c6-w479-93xm
Summary	Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2010-1459
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-g5c6-w479-93xm
generic_textual	MODERATE	https://github.com/mono/mono
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2010-1459
generic_textual	MODERATE	http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx
generic_textual	MODERATE	http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting
generic_textual	MODERATE	http://www.securityfocus.com/bid/40351

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
		http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
		http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1459.json
		https://api.first.org/data/v1/epss?cve=CVE-2010-1459
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1459
		https://github.com/mono/mono
		https://nvd.nist.gov/vuln/detail/CVE-2010-1459
		http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx
		http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting
		http://www.securityfocus.com/bid/40351
585440		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585440
598155		https://bugzilla.redhat.com/show_bug.cgi?id=598155
GHSA-g5c6-w479-93xm		https://github.com/advisories/GHSA-g5c6-w479-93xm

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.60489
EPSS Score	0.0041
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:08:36.436021+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g5c6-w479-93xm/GHSA-g5c6-w479-93xm.json	37.0.0