Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2012-07-12T21:00:00
Updated: 2012-09-07T09:00:00
Reserved: 2012-06-14T00:00:00
Link: CVE-2012-3382
JSON object: View
NVD Information
Status : Modified
Published: 2012-07-12T21:55:08.187
Modified: 2013-04-05T03:11:57.297
Link: CVE-2012-3382
JSON object: View
Redhat Information
No data.
CWE