Lucene search

PRIOn knowledge basePRION:CVE-2012-0145

HistoryFeb 14, 2012 - 10:55 p.m.

Cross site scripting

2012-02-1422:55:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.964 High

EPSS

Percentile

99.5%

JSON

Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka “XSS in wizardlist.aspx Vulnerability.”

CPENameOperatorVersion
sharepoint_foundationeq2010
sharepoint_foundationeq2010 sp1
sharepoint_servereq2010 sp1
sharepoint_servereq2010

Name	Operator	Version
sharepoint_foundation	eq	2010
sharepoint_foundation	eq	2010 sp1
sharepoint_server	eq	2010 sp1
sharepoint_server	eq	2010

References

www.us-cert.gov/cas/techalerts/TA12-045A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.964 High

EPSS

Percentile

99.5%

JSON

Related for PRION:CVE-2012-0145