The host is running Microsoft .NET and is prone to Cross-Site Scripting Vulnerability.
Successful exploitation could allow attackers to conduct cross-site scripting attacks against the form control via the __VIEWSTATE parameter.
Upgrade to Microsoft .NET 1.1 or later, For updates refer to http://www.microsoft.com/downloads/details.aspx?displaylang=en
The flaw is due to error in the default configuration of 'ASP.NET' it has a value of FALSE for the EnableViewStateMac property when processing the '__VIEWSTATE' parameter.
Microsoft .NET version prior to 1.1
- Microsoft Office Excel ReadAV Arbitrary Code Execution Vulnerability
- Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
- Microsoft Update to Improve Cryptography and Digital Certificate Handling (2854544)
- Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
- MS IE Information Disclosure and Web Site Spoofing Vulnerabilities