CVE-2015-6099
Description
Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka .NET Elevation of Privilege Vulnerability.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
28.553
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cumulative Update for Windows 10 for x64-based Systems (KB3105213) | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB3097988) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB3097988) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4 on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB3097994) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4 on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB3097994) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3097996) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3097996) | Windows |
| Security Update for Microsoft .NET Framework 4.6 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3098001) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.6 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3098001) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB3097989) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB3097989) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB3097991) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB3097991) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 8, Windows RT 8, and Windows Server 2012 (KB3097995) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 8, Windows RT 8, and Windows Server 2012 (KB3097995) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.6 on Windows 8, Windows RT 8, and Windows Server 2012 (KB3097999) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.6 on Windows 8, Windows RT 8, and Windows Server 2012 (KB3097999) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB3097992) | Windows |
| Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB3097992) for x64-based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 and .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3097997) | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 and .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3097997) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.6 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3098000) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.6 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3098000) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4 on Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1 (KB3098778) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4 on Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1 (KB3098778) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3098781) | Windows |
| Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3098781) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.6 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3098786) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.6 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3098786) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 8, Windows RT 8, and Windows Server 2012 (KB3098780) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 8, Windows RT 8, and Windows Server 2012 (KB3098780) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.6 on Windows 8, Windows RT 8, and Windows Server 2012 (KB3098784) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.6 on Windows 8, Windows RT 8, and Windows Server 2012 (KB3098784) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 and .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3098779) | Windows |
| Security Update for Microsoft .NET Framework 4.5.1 and .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3098779) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4.6 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3098785) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4.6 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3098785) x64 bases systems | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-19172 | Cumulative Update for Windows 10 for x64-based Systems (KB3105213) |
| PATCH-19300 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB3097988) |
| PATCH-19301 | Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB3097988) |
| PATCH-19302 | Security Update for Microsoft .NET Framework 4 on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB3097994) |
| PATCH-19303 | Security Update for Microsoft .NET Framework 4 on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB3097994) |
| PATCH-19304 | Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3097996) |
| PATCH-19306 | Security Update for Microsoft .NET Framework 4.6 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3098001) |
| PATCH-19307 | Security Update for Microsoft .NET Framework 4.6 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3098001) |
| PATCH-19308 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB3097989) |
| PATCH-19309 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB3097989) |
| PATCH-19310 | Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB3097991) |
| PATCH-19311 | Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB3097991) |
| PATCH-19312 | Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 8, Windows RT 8, and Windows Server 2012 (KB3097995) |
| PATCH-19313 | Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 8, Windows RT 8, and Windows Server 2012 (KB3097995) |
| PATCH-19314 | Security Update for Microsoft .NET Framework 4.6 on Windows 8, Windows RT 8, and Windows Server 2012 (KB3097999) |
| PATCH-19315 | Security Update for Microsoft .NET Framework 4.6 on Windows 8, Windows RT 8, and Windows Server 2012 (KB3097999) |
| PATCH-19316 | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB3097992) |
| PATCH-19317 | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 (KB3097992) |
| PATCH-19319 | Security Update for Microsoft .NET Framework 4.5.1 and .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3097997) |
| PATCH-19320 | Security Update for Microsoft .NET Framework 4.6 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3098000) |
| PATCH-19321 | Security Update for Microsoft .NET Framework 4.6 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3098000) |
| PATCH-19322 | Security Update for Microsoft .NET Framework 4 on Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1 (KB3098778) |
| PATCH-19323 | Security Update for Microsoft .NET Framework 4 on Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1 (KB3098778) |
| PATCH-19325 | Security Update for Microsoft .NET Framework 4.5, .NET Framework 4.5.1, and .NET Framework 4.5.2 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3098781) |
| PATCH-19326 | Security Update for Microsoft .NET Framework 4.6 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3098786) |
| PATCH-19327 | Security Update for Microsoft .NET Framework 4.6 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 (KB3098786) |
| PATCH-19333 | Security Update for Microsoft .NET Framework 4.5.1 and .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3098779) |
| PATCH-19334 | Security Update for Microsoft .NET Framework 4.6 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3098785) |
| PATCH-19335 | Security Update for Microsoft .NET Framework 4.6 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3098785) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234