CVE-2012-3382 in Monoinfo

Summary

Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

06/14/2012

Disclosure

07/12/2012

Moderation

VulDB entry created

Entries

VDB-61271 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

4.3

EPSS

0.00295

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-3382
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-3382
CVE Details	https://www.cvedetails.com/cve/CVE-2012-3382/

◂ Previous Overview Next ▸