Launchpad.net

CVE 2008-3422

Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).

Related bugs and status

CVE-2008-3422 (Candidate) is related to these bugs:

Bug #282952: Please merge mono 1.9.1+dfsg-4 from Debian Unstable

		In	Importance	Status
282952	Please merge mono 1.9.1+dfsg-4 from Debian Unstable	mono (Ubuntu)	Undecided	Fix Released
282952	Please merge mono 1.9.1+dfsg-4 from Debian Unstable	mono (Debian)	Unknown	Fix Released
282952	Please merge mono 1.9.1+dfsg-4 from Debian Unstable	mono (Ubuntu Intrepid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.novel...
SUSE: SUSE-SR:2008:018
BID: 30471
SECUNIA: 31338
SECUNIA: 31982
SECUNIA: 36494
MLIST: [mono-devel-list] 2008...
XF: mono-aspnet-xss(44229)
UBUNTU: USN-826-1