CVE-2012-1861

2012-07-1021:55:00

CWE-79

[email protected]

web.nvd.nist.gov

108

cve-2012-1861

cross-site scripting

xss

microsoft sharepoint

sharepoint server

sharepoint foundation

office web apps

nvd

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.837 High

EPSS

Percentile

98.4%

JSON

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka “SharePoint Script in Username Vulnerability.”

CPENameOperatorVersion
microsoft:sharepoint_servermicrosoft sharepoint servereq2010
microsoft:office_web_appsmicrosoft office web appseq2010
microsoft:sharepoint_foundationmicrosoft sharepoint foundationeq2010

CPE	Name	Operator	Version
microsoft:sharepoint_server	microsoft sharepoint server	eq	2010
microsoft:office_web_apps	microsoft office web apps	eq	2010
microsoft:sharepoint_foundation	microsoft sharepoint foundation	eq	2010