CVE-2008-3422

CVE	CVE-2008-3422
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-07-31 21:41:00 UTC
Updated	2018-10-03 21:55:00 UTC
Description	Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).

Problem Types: CWE-79

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mono	Mono	1.0	All	All	All
Application	Mono	Mono	1.0.5	All	All	All
Application	Mono	Mono	1.1.13	All	All	All
Application	Mono	Mono	1.1.13.4	All	All	All
Application	Mono	Mono	1.1.13.6	All	All	All
Application	Mono	Mono	1.1.13.7	All	All	All
Application	Mono	Mono	1.1.17	All	All	All
Application	Mono	Mono	1.1.17.1	All	All	All
Application	Mono	Mono	1.1.18	All	All	All
Application	Mono	Mono	1.1.4	All	All	All
Application	Mono	Mono	1.1.8.3	All	All	All
Application	Mono	Mono	1.2.5.1	All	All	All
Application	Mono	Mono	1.0	All	All	All
Application	Mono	Mono	1.0.5	All	All	All
Application	Mono	Mono	1.1.13	All	All	All
Application	Mono	Mono	1.1.13.4	All	All	All
Application	Mono	Mono	1.1.13.6	All	All	All
Application	Mono	Mono	1.1.13.7	All	All	All
Application	Mono	Mono	1.1.17	All	All	All
Application	Mono	Mono	1.1.17.1	All	All	All
Application	Mono	Mono	1.1.18	All	All	All
Application	Mono	Mono	1.1.4	All	All	All
Application	Mono	Mono	1.1.8.3	All	All	All
Application	Mono	Mono	1.2.5.1	All	All	All
Application	Mono Project	Mono	1.2.1	All	All	All
Application	Mono Project	Mono	1.2.2	All	All	All
Application	Mono Project	Mono	1.2.3	All	All	All
Application	Mono Project	Mono	1.2.4	All	All	All
Application	Mono Project	Mono	1.2.5	All	All	All
Application	Mono Project	Mono	1.2.6	All	All	All
Application	Mono Project	Mono	1.9	All	All	All
Application	Mono Project	Mono	1.2.1	All	All	All
Application	Mono Project	Mono	1.2.2	All	All	All
Application	Mono Project	Mono	1.2.3	All	All	All
Application	Mono Project	Mono	1.2.4	All	All	All
Application	Mono Project	Mono	1.2.5	All	All	All
Application	Mono Project	Mono	1.2.6	All	All	All
Application	Mono Project	Mono	1.9	All	All	All
Application	Mono Project	Mono	All	All	All	All

Reference	Source	Link	Tags
[Mono-dev] [PATCH] HTML encode attributes that might need encoding	MLIST	lists.ximian.com
USN-826-1: Mono vulnerabilities \| Ubuntu security notices	UBUNTU	usn.ubuntu.com
[security-announce] SUSE Security Summary Report: SUSE-SR:2008:018	SUSE	lists.opensuse.org
SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Mono Multiple Cross-Site Scripting Vulnerabilities	BID	www.securityfocus.com
Bug 413534 – VUL-0: Mono ASP.NET class library has potential XSS problem	CONFIRM	bugzilla.novell.com
Ubuntu update for mono - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Mono ASP.net Cross-Site Scripting - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.