Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 31 Jul 2008 16:30:52 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: Re: Mono cross site scripting issue

Name: CVE-2008-3422
Status: Candidate
Reference: MLIST:[Mono-dev] 20080726 [PATCH] HTML encode attributes that might need encoding
Reference: URL:
Reference: CONFIRM:

Multiple cross-site scripting (XSS) vulnerabilities in the
class libraries in Mono 2.0 and earlier allow remote attackers to
inject arbitrary web script or HTML via crafted attributes related to
(1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs
(RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4)
HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.