logo
DATABASE RESOURCES PRICING ABOUT US

Cross-site Scripting Vulnerability in Microsoft SharePoint Server 2007

Description

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Microsoft SharePoint Server 2007 which could be exploited to perform cross-site scripting attacks. 1) Cross-site scripting vulnerability in Microsoft SharePoint Server 2007: CVE-2010-0817 An input sanitation error was found in the "cid0" parameter in /_layouts/help.aspx. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in user`s browser in context of the vulnerable website. Exploitation example: http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert% 28%27XSS%27%29%3C/script%3E&tid=X


Affected Software


CPE Name Name Version
microsoft sharepoint server 2007 12.0.0.6421

Related