oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Mono ASP.net cross site scripting issue

From: Marcus Meissner <meissner () suse de>
Date: Thu, 31 Jul 2008 16:15:37 +0200
Hi,

Dean Brettle found a cross site scripting issue in the ASP.net
class libraries of Mono and potentially also for MS.NET, where you
can inject code into the "action" of a FORM submit and the tags
HtmlInputRadioButton.Value, HtmlImage.Src and HtmlInputImage.Src.

https://bugzilla.novell.com/show_bug.cgi?id=413534
is our bugreport which was published on posting due to a
public QA contact mailinglist.

The proposed patch for the Html* parts is:
http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html

Steven, can you please assign a CVE id?

Ciao, Marcus
Previous By Date Next
Previous By Thread Next

Current thread: