<div>
<a href="http://support.microsoft.com/kb/922770" rel="ugc nofollow">http://support.microsoft.com/kb/922770</a><br />
<br />
Did anything on this link help?
</div>


http://support.microsoft.com/kb/922770 [http://support.microsoft.com/kb/922770]

Did anything on this link help?

<div>
I tried to install the patch, but couldn't install. 
</div>


I tried to install the patch, but couldn't install.

<div>
&gt; .. a default parameter in ASP.NET 2.0,<br />
do you use that parameter? if not simply disable the corresponding script.
</div>


> .. a default parameter in ASP.NET 2.0,
do you use that parameter? if not simply disable the corresponding script.

<div>
<div class="content wysiwyg-content">
_LASTFOCUS, a default parameter in ASP.NET 2.0, is vulnerable to reflexif cross site scripting (CSS). <br />
<br />
One suggested solution was to apply the patch MS06-056/KB922770 on the server. (Downloadable from <a href="http://www.microsoft.com/technet/security/Bulletin/MS06-056.mspx" rel="ugc nofollow">http://www.microsoft.com/technet/security/Bulletin/MS06-056.mspx</a>.)<br />
<br />
Unfortunately, the patch is not getting installed. The below link from microsoft suggested re-installing the framework:<br />
<a href="http://support.microsoft.com/kb/923100/" rel="ugc">http://support.microsoft.com/kb/923100/</a><br />
<br />
I did, but no luck - the patch would not install!<br />
<br />
Any solutions? My main problem is to get rid of CSS - please suggest.
</div>
</div>


_LASTFOCUS, a default parameter in ASP.NET 2.0, is vulnerable to reflexif cross site scripting (CSS). 

One suggested solution was to apply the patch MS06-056/KB922770 on the server. (Downloadable from http://www.microsoft.com/technet/security/Bulletin/MS06-056.mspx.)

Unfortunately, the patch is not getting installed. The below link from microsoft suggested re-installing the framework:
http://support.microsoft.com/kb/923100/

I did, but no luck - the patch would not install!

Any solutions? My main problem is to get rid of CSS - please suggest.

Cross Site Scrpting and ASP.NET

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

ASP.NET

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Web development can range from developing the simplest static single page of plain text to the most complex web-based internet applications, electronic businesses, and social network services using a wide variety of languages and standards, including the familiar HTML, JavaScript and jQuery, ASP and ASP.NET, PHP, ColdFusion, CSS, PHP, Flex and Flash, but also the implementation of a broad list of standards including XML, WSDL, SSDL, VoiceXML and many more.

Web Languages and Standards

Web development includes all aspects of presenting content on intranets and the Internet, including delivery development, protocols, languages and standards, server software, browser clients, databases and multimedia generation.