oss-sec mailing list archives
CVE Request: XSS in a Mono System.web error page
From: Marcus Meissner <meissner () suse de>
Date: Sat, 7 Jul 2012 00:21:40 +0200
Hi,

A Nessus scan of a Novell product using Mono Web revealed an XSS attack in the Mono System.Web library.

The Mono team committed a fix to their GIT.

References:
https://bugzilla.novell.com/show_bug.cgi?id=769799
https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2

The XSS is in the error popup of the "Forbidden extension" filter method, which filters out e.g. ".dll" files.

Ciao, Marcus