[Mono-bugs] [Bug 413534] VUL-0: Mono ASP.NET class library has potential XSS problem
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Thu Jul 31 17:11:21 EDT 2008
https://bugzilla.novell.com/show_bug.cgi?id=413534
User meissner at novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=413534#c8
--- Comment #8 from Marcus Meissner <meissner at novell.com> 2008-07-31 15:11:21 MDT ---
CVE, please use them when refering to the problem.
(If the description is incorrect, we can get it adjusted.)
======================================================
Name: CVE-2008-3422
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3422
Reference: MLIST:[Mono-dev] 20080726 [PATCH] HTML encode attributes that might
need encoding
Reference:
URL:http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html
Reference: CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=413534
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net
class libraries in Mono 2.0 and earlier allow remote attackers to
inject arbitrary web script or HTML via crafted attributes related to
(1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs
(RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4)
HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect
(RenderChildren).
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the mono-bugs
mailing list