MDVSA-2012:140 -- Mandriva monoID: oval:org.secpod.oval:def:302953 | Date: (C)2012-11-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
A vulnerability has been discovered and corrected in mono: Cross-site scripting vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message . The updated packages have been patched to correct this issue.
Platform: |
Mandriva Linux 2011.0 |