Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 31 Jul 2008 16:15:37 +0200
From: Marcus Meissner <>
Subject: Mono cross site scripting issue


Dean Brettle found a cross site scripting issue in the
class libraries of Mono and potentially also for MS.NET, where you
can inject code into the "action" of a FORM submit and the tags
HtmlInputRadioButton.Value, HtmlImage.Src and HtmlInputImage.Src.
is our bugreport which was published on posting due to a
public QA contact mailinglist.

The proposed patch for the Html* parts is:

Steven, can you please assign a CVE id?

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.