CVE-2013-1289

2013-04-0922:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-1289

cross-site scripting

xss vulnerability

microsoft sharepoint server 2010

security

nvd

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.931 High

EPSS

Percentile

99.0%

JSON

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka “HTML Sanitization Vulnerability.”

CPENameOperatorVersion
microsoft:groove_servermicrosoft groove servereq2010
microsoft:infopathmicrosoft infopatheq2010
microsoft:sharepoint_servermicrosoft sharepoint servereq2010
microsoft:office_web_appsmicrosoft office web appseq2010
microsoft:sharepoint_foundationmicrosoft sharepoint foundationeq2010

CPE	Name	Operator	Version
microsoft:groove_server	microsoft groove server	eq	2010
microsoft:infopath	microsoft infopath	eq	2010
microsoft:sharepoint_server	microsoft sharepoint server	eq	2010
microsoft:office_web_apps	microsoft office web apps	eq	2010
microsoft:sharepoint_foundation	microsoft sharepoint foundation	eq	2010