Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2008-3422
Last Modified: 07 Mar 2011 10:10:45
Published: 31 Jul 2008 05:41:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-3422

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).

Vulnerable Systems

Application

  • Mono 1.0

  • Mono 1.0.5

  • Mono 1.1.13

  • Mono 1.1.13.4

  • Mono 1.1.13.6

  • Mono 1.1.13.7

  • Mono 1.1.17

  • Mono 1.1.17.1

  • Mono 1.1.18

  • Mono 1.1.4

  • Mono 1.1.8.3

  • Mono 1.2.5.1

  • Mono Project Mono 1.2.1

  • Mono Project Mono 1.2.2

  • Mono Project Mono 1.2.3

  • Mono Project Mono 1.2.4

  • Mono Project Mono 1.2.5

  • Mono Project Mono 1.2.6

  • Mono Project Mono 1.9

  • Mono Project Mono 2.0


References

MLIST - [Mono-dev] 20080726 [PATCH] HTML encode attributes that might need encoding

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=413534

XF - mono-aspnet-xss(44229)

UBUNTU - USN-826-1

BID - 30471

SECUNIA - 36494

SECUNIA - 31982

SECUNIA - 31338

MLIST - [mono-devel-list] 20080726 [Mono-dev] [PATCH] HTML encode attributes that might need encoding

SUSE - SUSE-SR:2008:018

Related Patches

Novell SUSE 2008:5560 bytefx-data-mysql security update for SLE 10 i586


Last Updated: 27 May 2016 10:48:12