Date: Thu, 31 Jul 2008 16:15:37 +0200 From: Marcus Meissner <meissner@...e.de> To: oss-security@...ts.openwall.com, coley@...re.org Subject: Mono ASP.net cross site scripting issue Hi, Dean Brettle found a cross site scripting issue in the ASP.net class libraries of Mono and potentially also for MS.NET, where you can inject code into the "action" of a FORM submit and the tags HtmlInputRadioButton.Value, HtmlImage.Src and HtmlInputImage.Src. https://bugzilla.novell.com/show_bug.cgi?id=413534 is our bugreport which was published on posting due to a public QA contact mailinglist. The proposed patch for the Html* parts is: http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html Steven, can you please assign a CVE id? Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.