Cross-Site Scripting (XSS) in .NET Framework

medium Web App Scanning Plugin ID 112767

Synopsis

Cross-Site Scripting (XSS) in .NET Framework

Description

The .NET framework allows to use the direct ResolveURL in order to load static contents from the application root (root relative) and not to worry about relative or absolute paths. However, this directive can be abused to inject arbitrary content in the URL which will then be reflected in a HTML tags of the different resources using ResolveUrl in the page. The exploitation of this vulnerability allows to obtain an injection of arbitrary javascript code (Cross-Site Scripting).

Solution

It is possible to use 'HttpRuntime.AppDomainAppVirtualPath' instead of 'ResolveUrl' or using the UrlRewrite module with the regex pattern :'.*/\([a-zA-Z]\(.*'.

See Also

https://blog.isec.pl/all-is-xss-that-comes-to-the-net/

https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

Plugin Details

Severity: Medium

ID: 112767

Type: remote

Published: 5/10/2021

Updated: 4/7/2022

Scan Template: full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:microsoft:net_framework:*:*:*:*:*:*:*:*

Exploit Ease: Exploits are available

Reference Information