CVE-2010-0716

Affected software : Microsoft SharePoint (Documents module). Vulnerability : Cross-site scripting via _layouts/Upload.aspx when uploading files (same-hostname/port used for primary files and attachments). Root cause : same-origin relationship leveraged to inject script in uploaded TXT files; requ...

CVE-2010-0716

layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files aka attachments, which allows remote authenticated users to leverage same-origin relationships and...