A Cross-Site Scripting vulnerability in Microsoft ASP.NET request filtering. Web applications that are coded in any .NET language and rely only on the default .NET request filtering are vulnerable to Cross-Site Scripting. If exploited, an attacker can manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. How do you fix this?