oss-sec mailing list archives
Re: Mono ASP.net cross site scripting issue
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 31 Jul 2008 16:30:52 -0400 (EDT)
====================================================== Name: CVE-2008-3422 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3422 Reference: MLIST:[Mono-dev] 20080726 [PATCH] HTML encode attributes that might need encoding Reference: URL:http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html Reference: CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=413534 Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).
Current thread:
- Mono ASP.net cross site scripting issue Marcus Meissner (Jul 31)
- Re: Mono ASP.net cross site scripting issue Steven M. Christey (Jul 31)