What is the severity of CVE-2010-1459?

CVE-2010-1459 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.

How do I fix CVE-2010-1459?

To fix CVE-2010-1459, upgrade to Mono version 2.6.4 or later where the EnableViewStateMac property is set to TRUE by default.

What type of attacks are possible with CVE-2010-1459?

CVE-2010-1459 allows remote attackers to conduct cross-site scripting (XSS) attacks by exploiting the __VIEWSTATE parameter.

Which versions of Mono are affected by CVE-2010-1459?

CVE-2010-1459 affects all versions of Mono prior to 2.6.4, including 1.0 up to 2.6.3.

What does the EnableViewStateMac property do in relation to CVE-2010-1459?

The EnableViewStateMac property, when set to FALSE, compromises the integrity of the view state in ASP.NET, making it vulnerable to XSS attacks as demonstrated in CVE-2010-1459.

Vulnerability/
CVE-2010-1459

medium

4.3

CWE

27/5/2010

2/5/2022

11/4/2025

CVE-2010-1459: XSS

First published: Thu May 27 2010(Updated: )

The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
nuget/mono	<2.6.4	2.6.4
Mono	=1.0
Mono	=1.0.1
Mono	=1.0.2
Mono	=1.0.4
Mono	=1.0.5
Mono	=1.0.6
Mono	=1.1.1
Mono	=1.1.2
Mono	=1.1.3
Mono	=1.1.4
Mono	=1.1.5
Mono	=1.1.6
Mono	=1.1.7
Mono	=1.1.8
Mono	=1.1.8.1
Mono	=1.1.8.3
Mono	=1.1.9
Mono	=1.1.9.1
Mono	=1.1.9.2
Mono	=1.1.10
Mono	=1.1.10.1
Mono	=1.1.11
Mono	=1.1.12
Mono	=1.1.12.1
Mono	=1.1.13
Mono	=1.1.13.2
Mono	=1.1.13.4
Mono	=1.1.13.5
Mono	=1.1.13.6
Mono	=1.1.13.7
Mono	=1.1.13.8
Mono	=1.1.13.8.1
Mono	=1.1.14
Mono	=1.1.15
Mono	=1.1.16
Mono	=1.1.16.1
Mono	=1.1.17
Mono	=1.1.17.1
Mono	=1.1.17.2
Mono	=1.1.18
Mono	=1.2
Mono	=1.2.1
Mono	=1.2.2
Mono	=1.2.2.1
Mono	=1.2.3
Mono	=1.2.3.1
Mono	=1.2.4
Mono	=1.2.5
Mono	=1.2.5.1
Mono	=1.2.5.2
Mono	=1.2.6
Mono	=1.9
Mono	=1.9.1
Mono	=2.0
Mono	=2.0.1
Mono	=2.2
Mono	=2.4
Mono	=2.4.2
Mono	=2.4.2.1
Mono	=2.4.2.2
Mono	=2.4.2.3
Mono	=2.4.3
	=1.0
	=1.0.1
	=1.0.2
	=1.0.4
	=1.0.5
	=1.0.6
	=1.1.1
	=1.1.2
	=1.1.3
	=1.1.4
	=1.1.5
	=1.1.6
	=1.1.7
	=1.1.8
	=1.1.8.1
	=1.1.8.3
	=1.1.9
	=1.1.9.1
	=1.1.9.2
	=1.1.10
	=1.1.10.1
	=1.1.11
	=1.1.12
	=1.1.12.1
	=1.1.13
	=1.1.13.2
	=1.1.13.4
	=1.1.13.5
	=1.1.13.6
	=1.1.13.7
	=1.1.13.8
	=1.1.13.8.1
	=1.1.14
	=1.1.15
	=1.1.16
	=1.1.16.1
	=1.1.17
	=1.1.17.1
	=1.1.17.2
	=1.1.18
	=1.2
	=1.2.1
	=1.2.2
	=1.2.2.1
	=1.2.3
	=1.2.3.1
	=1.2.4
	=1.2.5
	=1.2.5.1
	=1.2.5.2
	=1.2.6
	=1.9
	=1.9.1
	=2.0
	=2.0.1
	=2.2
	=2.4
	=2.4.2
	=2.4.2.1
	=2.4.2.2
	=2.4.2.3
	=2.4.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-1459?
CVE-2010-1459 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2010-1459?
To fix CVE-2010-1459, upgrade to Mono version 2.6.4 or later where the EnableViewStateMac property is set to TRUE by default.
What type of attacks are possible with CVE-2010-1459?
CVE-2010-1459 allows remote attackers to conduct cross-site scripting (XSS) attacks by exploiting the __VIEWSTATE parameter.
Which versions of Mono are affected by CVE-2010-1459?
CVE-2010-1459 affects all versions of Mono prior to 2.6.4, including 1.0 up to 2.6.3.
What does the EnableViewStateMac property do in relation to CVE-2010-1459?
The EnableViewStateMac property, when set to FALSE, compromises the integrity of the view state in ASP.NET, making it vulnerable to XSS attacks as demonstrated in CVE-2010-1459.

agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-g5c6-w479-93xm
alias/CVE-2010-1459
agent/software-canonical-lookup
agent/references
agent/severity
agent/weakness
agent/description
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
collector/nvd-cve
source/NVD
collector/nvd-api
package-manager/nuget
vendor/mono
canonical/mono
version/mono/1.0
version/mono/1.0.1
version/mono/1.0.2
version/mono/1.0.4
version/mono/1.0.5
version/mono/1.0.6
version/mono/1.1.1
version/mono/1.1.2
version/mono/1.1.3
version/mono/1.1.4
version/mono/1.1.5
version/mono/1.1.6
version/mono/1.1.7
version/mono/1.1.8
version/mono/1.1.8.1
version/mono/1.1.8.3
version/mono/1.1.9
version/mono/1.1.9.1
version/mono/1.1.9.2
version/mono/1.1.10
version/mono/1.1.10.1
version/mono/1.1.11
version/mono/1.1.12
version/mono/1.1.12.1
version/mono/1.1.13
version/mono/1.1.13.2
version/mono/1.1.13.4
version/mono/1.1.13.5
version/mono/1.1.13.6
version/mono/1.1.13.7
version/mono/1.1.13.8
version/mono/1.1.13.8.1
version/mono/1.1.14
version/mono/1.1.15
version/mono/1.1.16
version/mono/1.1.16.1
version/mono/1.1.17
version/mono/1.1.17.1
version/mono/1.1.17.2
version/mono/1.1.18
version/mono/1.2
version/mono/1.2.1
version/mono/1.2.2
version/mono/1.2.2.1
version/mono/1.2.3
version/mono/1.2.3.1
version/mono/1.2.4
version/mono/1.2.5
version/mono/1.2.5.1
version/mono/1.2.5.2
version/mono/1.2.6
version/mono/1.9
version/mono/1.9.1
version/mono/2.0
version/mono/2.0.1
version/mono/2.2
version/mono/2.4
version/mono/2.4.2
version/mono/2.4.2.1
version/mono/2.4.2.2
version/mono/2.4.2.3
version/mono/2.4.3