445 matches found
Fedora 17 : bugzilla-4.0.10-1.fc17 (2013-2845)
This update fixes security issues that have been discovered in Bugzilla: - When viewing a bug report, a bug ID containing random code is not correctly sanitized in the HTML page if the specified page format is invalid. This can lead to XSS. - When running a query in debug mode, it is possible to...
MS12-066: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
The version of Microsoft InfoPath, Communicator, Lync, SharePoint Server, Groove Server, and/or Office Web Apps installed on the remote host is potentially affected by a privilege escalation vulnerability due to the way HTML strings are sanitized.
CVE-2012-2520
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office W...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office W...
Microsoft SharePoint And Microsoft Lync HTML Sanitization Cross Site Scripting Vulnerability
Description: Microsoft SharePoint and Microsoft Lync are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect...
Multiple Microsoft web applications cross-site scripting
Insufficient HTML sanitization...
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
A flaw was found in the way Firefox sanitized HTML content in extensions. If an extension loaded or rendered malicious content using the ParanoidFragmentSink class, it could fail to safely display the content, causing Firefox to execute arbitrary JavaScript with the privileges of the user running...
MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
The versions of InfoPath, Office SharePoint Server, SharePoint Server, Groove Server, Windows SharePoint Services, SharePoint Foundation, or Office Web Apps installed on the remote host are affected by multiple privilege escalation and information disclosure vulnerabilities: - An information...
Preemptive Protection against Microsoft SharePoint HTML Sanitization Cross-site Scripting (MS12-050; CVE-2012-1858)
A cross-site scripting vulnerability has been reported in Microsoft SharePoint...
MS12-039: Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
The remote Windows host is potentially affected by the following vulnerabilities: - Multiple code execution vulnerabilities exist in the handling of specially crafted TrueType font files. (CVE-2011-3402, CVE-2012-0159) - An insecure library loading vulnerability exists in the way that Microsoft Ly...
Cross site scripting
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted...
CVE-2012-1858
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted...
CVE-2012-1858
CVE-2012-1858 concerns the toStaticHTML (SafeHTML) sanitization function used in Internet Explorer 8/9, SharePoint, and Lync/Communicator. The vulnerability arises because the HTML sanitization logic can be bypassed via crafted HTML/CSS, enabling cross-site scripting (XSS) or information disclosu...
Internet Explorer HTML Sanitization Information Disclosure (MS12-039; CVE-2012-1858)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer...
CVE-2011-1252
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint...
CVE-2010-3243
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified...
CVE-2010-3243
CVE-2010-3243 describes an HTML sanitization flaw (the "HTML Sanitization Vulnerability") that causes cross-site scripting in Microsoft Internet Explorer 8 and in SharePoint components: Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2. The root cause is improper filtering ...
PT-2010-4679 · Microsoft · Internet Explorer +3
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 8; Microsoft Windows SharePoint Services versions 3.0 SP2; Microsoft Office SharePoint Server versions 2007 SP2. Description: The issue allows remote attackers to inject arbitrary web script or HTML via...
CVE-2010-3324
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scriptin...