Cross Site Scrpting and ASP.NET

Posted on 2009-06-30
Last Modified: 2012-05-07
_LASTFOCUS, a default parameter in ASP.NET 2.0, is vulnerable to reflexif cross site scripting (CSS).

One suggested solution was to apply the patch MS06-056/KB922770 on the server. (Downloadable from

Unfortunately, the patch is not getting installed. The below link from microsoft suggested re-installing the framework:

I did, but no luck - the patch would not install!

Any solutions? My main problem is to get rid of CSS - please suggest.
Question by:Jeevan Bordoloi
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Expert Comment

ID: 24745376

Did anything on this link help?

Author Comment

by:Jeevan Bordoloi
ID: 24751417
I tried to install the patch, but couldn't install.
LVL 51

Expert Comment

ID: 24777926
> .. a default parameter in ASP.NET 2.0,
do you use that parameter? if not simply disable the corresponding script.

Author Comment

by:Jeevan Bordoloi
ID: 24782707
Yes, we do
LVL 51

Accepted Solution

ahoffmann earned 500 total points
ID: 24782886
then I see following possibilities:
1) wait 'til you get an installable patch
2) fix the code
3) write a wrapper script which checks its input for XSS and forwards to the vulnerable script if the input matches your rules

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OnPage: Incident management and secure messaging on your smartphone
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question