CVE-2014-4075: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka “MVC XSS Vulnerability.”
References
- blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx
- secunia.com/advisories/60971
- www.securityfocus.com/bid/70352
- www.securitytracker.com/id/1031023
- docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059
- nvd.nist.gov/vuln/detail/CVE-2014-4075
Code Behaviors & Features
Detect and mitigate CVE-2014-4075 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →