3 matches found
Cross site scripting
layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files aka attachments, which allows remote authenticated users to leverage same-origin relationships and...
CVE-2010-0716
layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files aka attachments, which allows remote authenticated users to leverage same-origin relationships and...
CVE-2008-5026
CVE-2008-5026 involves Microsoft SharePoint, where the Documents module allows uploading files using the same hostname/port as the site’s primary files. This enables remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) by uploading HTML documents...