Back to search
CVE-2008-3422
Published: Jul 31, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
36494
third-party-advisory
x_refsource_SECUNIA
31982
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.novell.com/show_bug.cgi?id=413534
x_refsource_CONFIRM
SUSE-SR:2008:018
vendor-advisory
x_refsource_SUSE
31338
third-party-advisory
x_refsource_SECUNIA
mono-aspnet-xss(44229)
vdb-entry
x_refsource_XF
[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding
mailing-list
x_refsource_MLIST
30471
vdb-entry
x_refsource_BID
USN-826-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now