Message-ID: <Pine.GSO.4.51.0807311630480.13418@faron.mitre.org>
Date: Thu, 31 Jul 2008 16:30:52 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: coley@...re.org
Subject: Re: Mono ASP.net cross site scripting issue

======================================================
Name: CVE-2008-3422
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3422
Reference: MLIST:[Mono-dev] 20080726 [PATCH] HTML encode attributes that might need encoding
Reference: URL:http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html
Reference: CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=413534

Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class
libraries in Mono 2.0 and earlier allow remote attackers to inject
arbitrary web script or HTML via crafted attributes related to (1)
HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs
(RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4)
HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect
(RenderChildren).
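
The class of issue described above (attribute values written into markup without HTML encoding, per the referenced patch title), as an added example that is not Mono's code and not part of the original message: an attribute writer that emits values raw, beside one that passes them through HttpUtility.HtmlAttributeEncode. RenderRaw, RenderEncoded, QuoteCount and the sample input are hypothetical names and constructed data.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Web; // HttpUtility.HtmlAttributeEncode

static class AttributeRenderDemo
{
    // Hypothetical stand-in for a control's attribute rendering; not Mono's code.
    // Unsafe form: the value is written between quotes exactly as received.
    static string RenderRaw(string tag, IDictionary<string, string> attrs)
    {
        var sb = new StringBuilder("<" + tag);
        foreach (var kv in attrs)
            sb.Append(' ').Append(kv.Key).Append("=\"").Append(kv.Value).Append('"');
        return sb.Append(" />").ToString();
    }

    // Hardened form: every value is attribute-encoded before it is written.
    static string RenderEncoded(string tag, IDictionary<string, string> attrs)
    {
        var sb = new StringBuilder("<" + tag);
        foreach (var kv in attrs)
            sb.Append(' ').Append(kv.Key).Append("=\"")
              .Append(HttpUtility.HtmlAttributeEncode(kv.Value)).Append('"');
        return sb.Append(" />").ToString();
    }

    // Counts literal double quotes; a tag with n attributes must contain exactly 2n.
    static int QuoteCount(string html)
    {
        int n = 0;
        foreach (char c in html) if (c == '"') n++;
        return n;
    }

    static void Main()
    {
        // Constructed input: a value carrying a quote that closes the attribute early.
        var attrs = new Dictionary<string, string> {
            { "name", "q" },
            { "value", "x\" data-injected=\"1" }
        };
        string raw = RenderRaw("input", attrs);
        string enc = RenderEncoded("input", attrs);
        Console.WriteLine(raw);
        Console.WriteLine(enc);
        Console.WriteLine("raw quotes ok: " + (QuoteCount(raw) == 2 * attrs.Count));
        Console.WriteLine("encoded quotes ok: " + (QuoteCount(enc) == 2 * attrs.Count));
    }
}
```

The quote-count check doubles as a cheap regression test for any renderer of this shape: if a value can change the number of literal quotes in the emitted tag, it can change the tag's attribute structure.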