CVE-2012-3382

EPSS 0.29%

mono - missing input sanitising

發布日:2012/7/12修改日:2026/4/28

也稱為:DEBIAN-CVE-2012-3382

描述

Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.

受影響套件(2)

Debian/monofrom 0, < 2.10.8.1-5
Debian/monofrom 0, < 2.6.7-5.1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-3382