PT-2012-1048 · Mono+1

Gonzalop · Published 2012-07-12 · Updated 2013-04-05 · CVE-2012-3382

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Mono versions 2.10.8 and earlier

Description: The issue is a cross-site scripting (XSS) vulnerability in the ProcessRequest function. It allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, because the file name is not properly handled (encoded) when it is echoed in an error message. Additionally, the Mono package contains multiple vulnerabilities that can lead to a breach of protected information integrity, and these can be exploited remotely.

Recommendations: For Mono versions 2.10.8 and earlier, as a temporary workaround, consider disabling the ProcessRequest function until a patch is available. Restrict access to files with crafted names and forbidden extensions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
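The bug class behind this record is a request-derived file name being written into an HTML error message without output encoding. The following ASP.NET handler is an added illustration written for this page; it is not Mono's System.Web source and does not reproduce the actual vulnerable code. The handler name (UploadErrorHandler), the query parameter ("file") and the forbidden-extension list are assumptions made for the example. The commented-out line shows the vulnerable pattern; the line that follows shows the hardened form.

```csharp
// Added example (not Mono's code): an IHttpHandler that rejects files with a
// forbidden extension and reports the rejection back to the client.
using System;
using System.Web;

public class UploadErrorHandler : IHttpHandler   // hypothetical handler name
{
    // Assumed list for the example; the real forbidden set is deployment-specific.
    static readonly string[] ForbiddenExtensions = { ".exe", ".dll", ".bat" };

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Attacker-controlled input: the file name comes straight from the request.
        string fileName = context.Request["file"] ?? string.Empty;

        // Extension check done on the raw string so that unusual characters in
        // the name do not abort the check before the decision is made.
        int dot = fileName.LastIndexOf('.');
        string ext = dot >= 0 ? fileName.Substring(dot).ToLowerInvariant() : string.Empty;

        if (Array.IndexOf(ForbiddenExtensions, ext) >= 0)
        {
            context.Response.StatusCode = 403;
            context.Response.ContentType = "text/html";

            // Vulnerable pattern (the class of defect described above): the
            // request-derived name is placed in the HTML body unencoded, so a
            // name containing markup is rendered as markup by the browser.
            // context.Response.Write("<p>Forbidden file extension: " + fileName + "</p>");

            // Hardened form: HTML-encode every request-derived value before it
            // is written into the response body. '<', '>', '&' and quotes are
            // turned into entities, so the name is displayed, never executed.
            context.Response.Write("<p>Forbidden file extension: "
                + HttpUtility.HtmlEncode(fileName) + "</p>");
            return;
        }

        context.Response.StatusCode = 200;
        context.Response.ContentType = "text/plain";
        context.Response.Write("Accepted: " + fileName);
    }
}
```

The same rule applies to any value that reaches an error page from the request (path segments, query parameters, header values): encode for the output context at the point of writing, rather than relying on the extension filter to keep markup out of the name. When reviewing a handler for this class of issue, search for Response.Write calls whose argument concatenates request data and confirm each one passes through an encoder appropriate to the content type.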

Exploit: XSS


Weakness Enumeration

Related Identifiers

BDU:2015-03131
CVE-2012-3382
DSA-2512-1
SUSE-SU-2012_0928-1

Affected Products

Mono
Suse