[Mono-bugs] [Bug 413534] VUL-0: Mono ASP.NET class library has potential XSS problem

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Thu Jul 31 17:11:21 EDT 2008


https://bugzilla.novell.com/show_bug.cgi?id=413534

User meissner at novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=413534#c8





--- Comment #8 from Marcus Meissner <meissner at novell.com>  2008-07-31 15:11:21 MDT ---
CVE, please use them when referring to the problem.

(If the description is incorrect, we can get it adjusted.)

======================================================
Name: CVE-2008-3422
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3422
Reference: MLIST:[Mono-dev] 20080726 [PATCH] HTML encode attributes that might need encoding
Reference: URL:http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html
Reference: CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=413534

Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net
class libraries in Mono 2.0 and earlier allow remote attackers to
inject arbitrary web script or HTML via crafted attributes related to
(1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs
(RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4)
HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect
(RenderChildren).


-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
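
An added illustration of the bug class named in the CVE text and in the referenced patch subject ("HTML encode attributes that might need encoding"); it is not part of the original message and is not Mono's source. AttributeRenderer and the sample attribute values are hypothetical and constructed for this example, and WebUtility.HtmlEncode stands in for whichever encoder the actual patch calls.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;

// Simplified illustration only: AttributeRenderer is a hypothetical class,
// not Mono's HtmlControl/HtmlForm code.
static class AttributeRenderer
{
    // Unsafe: the value is copied between the quotes as-is, so a double
    // quote inside it ends the attribute and the rest is parsed as markup.
    public static string RenderRaw(string tag, IDictionary<string, string> attrs)
    {
        var sb = new StringBuilder("<" + tag);
        foreach (var kv in attrs)
            sb.Append(' ').Append(kv.Key).Append("=\"").Append(kv.Value).Append('"');
        return sb.Append(" />").ToString();
    }

    // Hardened: every value is HTML-encoded before it is written, so
    // quotes, angle brackets and ampersands stay inside the attribute.
    public static string RenderEncoded(string tag, IDictionary<string, string> attrs)
    {
        var sb = new StringBuilder("<" + tag);
        foreach (var kv in attrs)
            sb.Append(' ').Append(kv.Key).Append("=\"")
              .Append(WebUtility.HtmlEncode(kv.Value)).Append('"');
        return sb.Append(" />").ToString();
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample: a request-derived value that contains a quote.
        var attrs = new Dictionary<string, string>
        {
            ["type"] = "button",
            ["value"] = "Save\" data-injected=\"1",
        };
        string raw = AttributeRenderer.RenderRaw("input", attrs);
        string safe = AttributeRenderer.RenderEncoded("input", attrs);
        Console.WriteLine(raw);   // markup gains an attribute nobody wrote
        Console.WriteLine(safe);  // value stays a single attribute
        Console.WriteLine(raw.Contains(" data-injected=\"1\""));
        Console.WriteLine(safe.Contains(" data-injected=\"1\""));
    }
}
```

A regression test for a fix of this kind can assert that no rendered attribute value contains an unencoded double quote, angle bracket or bare ampersand.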

