What is the severity of CVE-2010-0716?

CVE-2010-0716 has a medium severity rating due to its impact on authenticated users' ability to access and leverage attachments.

How do I fix CVE-2010-0716?

To fix CVE-2010-0716, ensure that you update Microsoft SharePoint to the latest version that addresses this vulnerability.

What systems are affected by CVE-2010-0716?

CVE-2010-0716 affects Microsoft SharePoint Server 2007 and its Service Packs prior to the fixed versions.

What does CVE-2010-0716 exploit?

CVE-2010-0716 exploits the same-origin policy in SharePoint allowing unauthorized access to user-uploaded files.

Is CVE-2010-0716 being actively exploited?

As of the last assessments, CVE-2010-0716 is not widely reported as being actively exploited, but it remains a concern for vulnerable installations.

Vulnerability/
CVE-2010-0716

low

3.5

CWE

26/2/2010

7/8/2024

CVE-2010-0716: XSS

First published: Fri Feb 26 2010(Updated: )

_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Microsoft SharePoint Server 2010	=2007-sp1
Microsoft SharePoint Server 2010	=2007
Microsoft SharePoint Server 2010	<=2007

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-0716?
CVE-2010-0716 has a medium severity rating due to its impact on authenticated users' ability to access and leverage attachments.
How do I fix CVE-2010-0716?
To fix CVE-2010-0716, ensure that you update Microsoft SharePoint to the latest version that addresses this vulnerability.
What systems are affected by CVE-2010-0716?
CVE-2010-0716 affects Microsoft SharePoint Server 2007 and its Service Packs prior to the fixed versions.
What does CVE-2010-0716 exploit?
CVE-2010-0716 exploits the same-origin policy in SharePoint allowing unauthorized access to user-uploaded files.
Is CVE-2010-0716 being actively exploited?
As of the last assessments, CVE-2010-0716 is not widely reported as being actively exploited, but it remains a concern for vulnerable installations.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/last-modified-date
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/weakness
vendor/microsoft
canonical/microsoft sharepoint server 2010
version/microsoft sharepoint server 2010/2007-sp1
version/microsoft sharepoint server 2010/2007

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.