Lucene search

PRIOn knowledge basePRION:CVE-2007-2581

HistoryMay 09, 2007 - 9:19 p.m.

Cross site scripting

2007-05-0921:19:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

High

0.967 High

EPSS

Percentile

99.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in “every main page,” as demonstrated by default.aspx.

CPENameOperatorVersion
sharepoint_servereq2007
sharepoint_serviceseq3.0

CPE	Name	Operator	Version
	sharepoint_server	eq	2007
	sharepoint_services	eq	3.0

References

archives.neohapsis.com/archives/bugtraq/2007-05/0196.html

osvdb.org/37630

secunia.com/advisories/27148

securityreason.com/securityalert/2682

securitytracker.com/id?1018789

www.securityfocus.com/archive/1/467738/100/0/threaded

www.securityfocus.com/archive/1/467749/100/0/threaded

www.securityfocus.com/archive/1/482366/100/0/threaded

www.securityfocus.com/bid/23832

www.us-cert.gov/cas/techalerts/TA07-282A.html

www.vupen.com/english/advisories/2007/3439

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059

exchange.xforce.ibmcloud.com/vulnerabilities/34343

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2286