Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2010-3324
HistorySep 17, 2010 - 6:00 p.m.

CVE-2010-3324

2010-09-1718:00:03
CWE-79
[email protected]
web.nvd.nist.gov
5

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.1

Confidence

High

EPSS

0.961

Percentile

99.6%

JSON

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka “HTML Sanitization Vulnerability,” a different vulnerability than CVE-2010-1257.

Affected configurations

Nvd
Node
microsoftgroove_serverMatch2010
OR
microsoftinternet_explorerMatch8
OR
microsoftsharepoint_foundationMatch2010
OR
microsoftsharepoint_serverMatch2007sp2
OR
microsoftsharepoint_servicesMatch3.0sp2x32
OR
microsoftweb_apps
VendorProductVersionCPE
microsoftgroove_server2010cpe:2.3:a:microsoft:groove_server:2010:*:*:*:*:*:*:*
microsoftinternet_explorer8cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
microsoftsharepoint_foundation2010cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*
microsoftsharepoint_server2007cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:*
microsoftsharepoint_services3.0cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*
microsoftweb_apps*cpe:2.3:a:microsoft:web_apps:*:*:*:*:*:*:*:*

Related

cve 2
cvelist 2
prion 2
seebug 2
checkpoint_advisories 2
nvd 1
openvas 10
exploitdb 1
nessus 5
securityvulns 8
mskb 2
cve
cve
CVE-2010-3324
2010-09-17 18:00:03
CVE-2010-1257
2010-06-08 20:30:02
cvelist
cvelist
CVE-2010-3324
2010-09-17 17:46:00
CVE-2010-1257
2010-06-08 20:00:00
prion
prion
Cross site scripting
2010-09-17 18:00:00
Cross site scripting
2010-06-08 20:30:00
seebug
seebug
Microsoft IE toStaticHTML跨域信息泄露漏洞(MS10-035)
2010-06-10 00:00:00
Microsoft IE 8 toStaticHTML()函数不安全HTML过滤漏洞(MS10-071/MS10-072)
2010-10-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer toStaticHTML Information Disclosure (MS10-035; CVE-2010-1257)
2010-06-08 00:00:00
Internet Explorer toStaticHTML API Cross-Site-Scripting (MS10-072; CVE-2010-3324)
2010-10-12 00:00:00
nvd
nvd
CVE-2010-1257
2010-06-08 20:30:02
openvas
openvas
Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability
2010-09-23 00:00:00
Microsoft Internet Explorer 'toStaticHTML()' XSS Vulnerability
2010-09-23 00:00:00
Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
2010-06-09 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass
2010-08-16 00:00:00
nessus
nessus
MS10-072: Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) (remote check)
2010-10-18 00:00:00
MS10-072: Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
2010-10-13 00:00:00
MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
2010-06-09 00:00:00
securityvulns
securityvulns
Microsoft Sharepoint SafeHTML crossite scripting
2010-10-13 00:00:00
Microsoft Security Bulletin MS10-072 - Important Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
2010-10-13 00:00:00
Microsoft SharePoint multiple security vulnerabilities
2010-06-09 00:00:00
mskb
mskb
MS10-072: Vulnerabilities in Microsoft SharePoint could allow information disclosure
2012-05-11 22:40:26
MS10-035: Cumulative security update for Internet Explorer
2014-06-21 13:52:45

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.1

Confidence

High

EPSS

0.961

Percentile

99.6%

JSON
Related for NVD:CVE-2010-3324
cve2cvelist2prion2seebug2checkpoint_advisories2nvd1openvas10exploitdb1nessus5securityvulns8mskb2