CVE-2012-3382

2012-07-12T21:55:00
ID CVE-2012-3382
Type cve
Reporter cve@mitre.org
Modified 2013-04-05T03:11:00

Description

Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.