oss-sec mailing list archives
Mono ASP.net cross site scripting issue
From: Marcus Meissner <meissner () suse de>
Date: Thu, 31 Jul 2008 16:15:37 +0200
Hi, Dean Brettle found a cross site scripting issue in the ASP.net class libraries of Mono and potentially also for MS.NET, where you can inject code into the "action" of a FORM submit and the tags HtmlInputRadioButton.Value, HtmlImage.Src and HtmlInputImage.Src. https://bugzilla.novell.com/show_bug.cgi?id=413534 is our bugreport which was published on posting due to a public QA contact mailinglist. The proposed patch for the Html* parts is: http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html Steven, can you please assign a CVE id? Ciao, Marcus
Current thread:
- Mono ASP.net cross site scripting issue Marcus Meissner (Jul 31)
- Re: Mono ASP.net cross site scripting issue Steven M. Christey (Jul 31)