5 matches found
Microsoft HTML Sanitization Cross Site Scripting (MS13-035) - High Confidence (CVE-2013-1289)
A cross-site scripting vulnerability has been reported in multiple Microsoft products. The flaw is due to the way that the applications sanitize HTML. Remote attackers can exploit this vulnerability by submitting crafted HTML to the vulnerable server that uses the HTML Sanitization library, and...
Microsoft Office Web Apps HTML Sanitisation Component XSS Vulnerability (2821818)
This host is missing an important security update according to Microsoft Bulletin MS13-035. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
CVE-2013-1289
The CVE-2013-1289 entry covers a cross-site scripting (XSS) vulnerability in multiple Microsoft HTML Sanitization components used by SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1. The issue arises from the HTML sanitization logic,...
Microsoft SharePoint CVE-2013-1289 HTML Injection Vulnerability
Description Microsoft SharePoint is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication...
Microsoft HTML Sanitization Cross Site Scripting (MS13-035; CVE-2013-1289)
An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. Successful exploitation could allow an attacker to perform cross-site scripting attacks against affected users, resulting in script execution in the target's security context...