CVE-2008-3422
Summary
| CVE | CVE-2008-3422 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-07-31 21:41:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mono | Mono | 1.0 | All | All | All |
| Application | Mono | Mono | 1.0.5 | All | All | All |
| Application | Mono | Mono | 1.1.13 | All | All | All |
| Application | Mono | Mono | 1.1.13.4 | All | All | All |
| Application | Mono | Mono | 1.1.13.6 | All | All | All |
| Application | Mono | Mono | 1.1.13.7 | All | All | All |
| Application | Mono | Mono | 1.1.17 | All | All | All |
| Application | Mono | Mono | 1.1.17.1 | All | All | All |
| Application | Mono | Mono | 1.1.18 | All | All | All |
| Application | Mono | Mono | 1.1.4 | All | All | All |
| Application | Mono | Mono | 1.1.8.3 | All | All | All |
| Application | Mono | Mono | 1.2.5.1 | All | All | All |
| Application | Mono Project | Mono | 1.2.1 | All | All | All |
| Application | Mono Project | Mono | 1.2.2 | All | All | All |
| Application | Mono Project | Mono | 1.2.3 | All | All | All |
| Application | Mono Project | Mono | 1.2.4 | All | All | All |
| Application | Mono Project | Mono | 1.2.5 | All | All | All |
| Application | Mono Project | Mono | 1.2.6 | All | All | All |
| Application | Mono Project | Mono | 1.9 | All | All | All |
| Application | Mono Project | Mono | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Mono Multiple Cross-Site Scripting Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Mono ASP.net Cross-Site Scripting - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2008:018 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| [Mono-dev] [PATCH] HTML encode attributes that might need encoding | af854a3a-2127-422b-91ae-364da2661108 | lists.ximian.com | |
| Ubuntu update for mono - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Bug 413534 – VUL-0: Mono ASP.NET class library has potential XSS problem | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.novell.com | |
| USN-826-1: Mono vulnerabilities | Ubuntu security notices | af854a3a-2127-422b-91ae-364da2661108 | usn.ubuntu.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.