Cross site scripting

2012-07-1021:55:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.862 High

EPSS

Percentile

98.5%

JSON

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka “SharePoint Reflected List Parameter Vulnerability.”

CPENameOperatorVersion
office_sharepoint_servereq2007 sp3-x64
office_sharepoint_servereq2007 sp3-x32
office_sharepoint_servereq2007 sp2-x32
office_sharepoint_servereq2007 sp2-x64
sharepoint_foundationeq2010
sharepoint_foundationeq2010 sp1
sharepoint_servereq2007 sp3
sharepoint_servereq2007 sp2
sharepoint_serviceseq3.0 sp2-x32
sharepoint_serviceseq3.0 sp2-x64

Name	Operator	Version
office_sharepoint_server	eq	2007 sp3-x64
office_sharepoint_server	eq	2007 sp3-x32
office_sharepoint_server	eq	2007 sp2-x32
office_sharepoint_server	eq	2007 sp2-x64
sharepoint_foundation	eq	2010
sharepoint_foundation	eq	2010 sp1
sharepoint_server	eq	2007 sp3
sharepoint_server	eq	2007 sp2
sharepoint_services	eq	3.0 sp2-x32
sharepoint_services	eq	3.0 sp2-x64