CVE-2012-3382 (retired)

Priority
Description
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in
mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and
earlier allows remote attackers to inject arbitrary web script or HTML via
a file with a crafted name and a forbidden extension, which is not properly
handled in an error message.
Assigned-to
mdeslaur
Package
Source: mono (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.10.8.1-5ubuntu1)
Patches:
Vendor:http://www.debian.org/security/2012/dsa-2512
Upstream:https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
More Information

Updated: 2019-03-26 12:02:51 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)