Mandriva Linux Security Advisory 2012-140 - Cross-site scripting vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. The updated packages have been patched to correct this issue.
3d141ef4c46f1abdd3beec20f1fca302eb29ec58c0221662a9b904124bf1f03f
Ubuntu Security Notice 1517-1 - It was discovered that the Mono System.Web library incorrectly filtered certain error messages related to forbidden files. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. It was discovered that the Mono System.Web library incorrectly handled the EnableViewStateMac property. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
be0532b5d29f4ce5ef9813a17a2367a5ec386f67370f51d9825d90b7a5f27ec2
Debian Linux Security Advisory 2512-1 - Marcus Meissner discovered that the web server included in Mono performed insufficient sanitizing of requests, resulting in cross-site scripting.
dd9f44430c3792f55cfd3b79094cd29f9db03840ccee1c6521b22f3081775a29