Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2012-2520
HistoryOct 09, 2012 - 9:55 p.m.

CVE-2012-2520

2012-10-0921:55:02
CWE-79
[email protected]
web.nvd.nist.gov
29
cve-2012-2520
xss vulnerability
microsoft
infopath
communicator
lync
sharepoint
groove server
windows sharepoint services
sharepoint foundation
office web apps
remote attackers
html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.344 Low

EPSS

Percentile

97.1%

JSON

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka “HTML Sanitization Vulnerability.”

Affected configurations

NVD
Node
microsoftgroove_serverMatch2010sp1
OR
microsoftinfopathMatch2007sp2
OR
microsoftinfopathMatch2010sp1
OR
microsoftlyncMatch2010
OR
microsoftlyncMatch2010attendee
OR
microsoftoffice_communicatorMatch2007r2
OR
microsoftoffice_web_appsMatch2010sp1
OR
microsoftsharepoint_foundationMatch2010sp1
OR
microsoftsharepoint_serverMatch2007sp2
OR
microsoftsharepoint_serverMatch2007sp3
OR
microsoftsharepoint_serverMatch2010sp1
OR
microsoftsharepoint_servicesMatch3.0sp2

Related

seebug 2
prion 1
securityvulns 1
cvelist 1
nessus 1
openvas 1
nvd 1
seebug
seebug
Microsoft多个产品HTML过滤组件跨站脚本执行漏洞(MS12-066)
2012-10-11 00:00:00
Microsoft SharePoint和Microsoft Lync HTML过滤跨站脚本执行漏洞 (MS12-067)
2012-10-11 00:00:00
prion
prion
Cross site scripting
2012-10-09 21:55:00
securityvulns
securityvulns
Multiple Microsoft web applications crossite scripting
2012-10-09 00:00:00
cvelist
cvelist
CVE-2012-2520
2012-10-09 21:00:00
nessus
nessus
MS12-066: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
2012-10-10 00:00:00
openvas
openvas
Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517)
2012-10-10 00:00:00
nvd
nvd
CVE-2012-2520
2012-10-09 21:55:02

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.344 Low

EPSS

Percentile

97.1%

JSON
Related for CVE-2012-2520
seebug2prion1securityvulns1cvelist1nessus1openvas1nvd1