CVE-2008-3422

Name of the Vulnerable Software and Affected Versions Mono versions 2.0 and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to several components, including HtmlControl.cs, HtmlForm.cs, HtmlInputButton, HtmlInputRadioButton, and HtmlSelect.

Recommendations For Mono versions 2.0 and earlier, consider disabling the affected ASP.net class libraries until a patch is available. Restrict access to the vulnerable components, such as HtmlControl.cs, HtmlForm.cs, HtmlInputButton, HtmlInputRadioButton, and HtmlSelect, to minimize the risk of exploitation. Avoid using crafted attributes that could lead to XSS attacks in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.