[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Mono ASP.net cross site scripting issue
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2008-07-31 20:30:52
Message-ID: Pine.GSO.4.51.0807311630480.13418 () faron ! mitre ! org
[Download RAW message or body]


======================================================
Name: CVE-2008-3422
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3422
Reference: MLIST:[Mono-dev] 20080726 [PATCH] HTML encode attributes that might need encoding
Reference: URL:http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html
Reference: CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=413534

Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net
class libraries in Mono 2.0 and earlier allow remote attackers to
inject arbitrary web script or HTML via crafted attributes related to
(1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs
(RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4)
HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect
(RenderChildren).


[prev in list] [next in list] [prev in thread] [next in thread]