Detections
Analytics

CVE-2006-3436

medium

Description

Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A377

https://exchange.xforce.ibmcloud.com/vulnerabilities/28658

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-056

http://www.vupen.com/english/advisories/2006/3976

http://www.securityfocus.com/bid/20337

http://www.securityfocus.com/archive/1/449179/100/0/threaded

http://www.kb.cert.org/vuls/id/455604

http://securitytracker.com/id?1017029

http://secunia.com/advisories/22307

Details

Source: Mitre, NVD

Published: 2006-10-10

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.6602