mono
Page content
- Vulnerable: 1.2.6-3
- Unaffected: 1.2.6-4kalgan1
Dean Brettle has reported some security issues in Mono, which can be exploited by malicious people to conduct cross-site scripting attacks. The security issues are caused due to Mono’s ASP.net implementation not properly sanitising certain attributes (e.g. “HtmlSelect.Value”, “HtmlSelect.Text”, and the “action” attribute of the “form” element). This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
- Bug Tracker URL: http://bugs.frugalware.org/task/3306