htbridge | High-Tech Bridge | HTB22350
History: Apr 12, 2010 - 12:00 a.m.

Cross-site Scripting Vulnerability in Microsoft SharePoint Server 2007

2010-04-12 00:00:00
High-Tech Bridge
www.htbridge.com

CVSS2: 4.3 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.842 High (Percentile: 98.2%)

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Microsoft SharePoint Server 2007 which could be exploited to perform cross-site scripting attacks.

  1. Cross-site scripting vulnerability in Microsoft SharePoint Server 2007: CVE-2010-0817
    An input sanitization error was found in the “cid0” parameter in /_layouts/help.aspx. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Exploitation example:

http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml<script>alert%28%27XSS%27%29%3C/script%3E&tid=X
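
Added example (not part of the High-Tech Bridge advisory): a check over IIS W3C logs for requests to /_layouts/help.aspx whose cid0 value, after undoing nested percent-encoding, is anything other than a plain manifest name. The field layout, the sample log lines and the allowlist pattern are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Assumption: benign cid0 values are plain manifest names such as
# "MS.WSS.manifest.xml", so anything outside this set is reported.
SAFE_CID0 = re.compile(r"[A-Za-z0-9._-]+")
TARGET_STEM = "/_layouts/help.aspx"

# Constructed IIS W3C log sample (not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-04-13 09:01:10 GET /_layouts/help.aspx cid0=MS.WSS.manifest.xml&tid=X 192.0.2.10 200
2010-04-13 09:02:44 GET /_layouts/help.aspx cid0=MS.WSS.manifest.xml%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X 192.0.2.55 200
2010-04-13 09:03:02 GET /_layouts/Help.aspx cid0=MS.WSS.manifest.xml%253Cb%253E&tid=X 192.0.2.56 200
2010-04-13 09:04:00 GET /default.aspx cid0=%3Cb%3E 192.0.2.57 200
"""

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_help_requests(log_text):
    """Return (c-ip, decoded cid0) for help.aspx hits whose cid0 is not a plain name."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names declared by the log header
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != TARGET_STEM:
            continue  # IIS paths are case-insensitive, so compare lowercased
        query = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        for raw in query.get("cid0", []):
            value = fully_decode(raw)
            if not SAFE_CID0.fullmatch(value):
                hits.append((row.get("c-ip"), value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_help_requests(SAMPLE_LOG):
        print(ip, repr(value))
```

A hit shows only that a crafted link was requested, so correlate it with the referrer and the authenticated user fields when the log records them.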
