Описание
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2.10.8.1-5ubuntu1 |
| hardy | ignored | end of life |
| lucid | released | 2.4.4~svn151842-1ubuntu4.1 |
| natty | released | 2.6.7-5ubuntu3.1 |
| oneiric | released | 2.10.5-1ubuntu0.1 |
| precise | released | 2.10.8.1-1ubuntu2.2 |
| upstream | needs-triage |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
Cross-site scripting (XSS) vulnerability in the ProcessRequest functio ...
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить целостность защищаемой информации
EPSS
4.3 Medium
CVSS2