Lucene search

[email protected]CVE-2010-0817

HistoryApr 29, 2010 - 9:30 p.m.

CVE-2010-0817

2010-04-2921:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-0817

xss

vulnerability

microsoft

sharepoint

server

2007

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.845 High

EPSS

Percentile

98.5%

JSON

Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.

Affected configurations

NVD

Node

microsoftsharepoint_serverMatch2007

Node

microsoftsharepoint_servicesMatch3.0sp1x32

microsoftsharepoint_servicesMatch3.0sp1x64

microsoftsharepoint_servicesMatch3.0sp2x32

microsoftsharepoint_servicesMatch3.0sp2x64

CPENameOperatorVersion
microsoft:sharepoint_servermicrosoft sharepoint servereq2007

CPE	Name	Operator	Version
microsoft:sharepoint_server	microsoft sharepoint server	eq	2007

References

www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html

www.securityfocus.com/archive/1/511021/100/0/threaded

www.us-cert.gov/cas/techalerts/TA10-159B.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7468

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.845 High

EPSS

Percentile

98.5%

JSON

Related for CVE-2010-0817

nessus2 openvas4 prion1 nvd1 htbridge1 cvelist1 checkpoint_advisories1 securityvulns2