CVE-2012-3382

EPSS 0.29%

mono - missing input sanitising

Published: 7/12/2012Modified: 4/28/2026

Also known as:DEBIAN-CVE-2012-3382

Description

Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.

Affected packages (2)

Debian/monofrom 0, < 2.10.8.1-5
Debian/monofrom 0, < 2.6.7-5.1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-3382