CVE-2010-0817: XSS
First published: Thu Apr 29 2010(Updated: )
Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SharePoint Server | =2007 | |
| Microsoft Sharepoint Services | =3.0-sp2 | |
| Microsoft Sharepoint Services | =3.0-sp2 | |
| Microsoft Sharepoint Services | =3.0-sp1 | |
| Microsoft Sharepoint Services | =3.0-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html
- http://www.us-cert.gov/cas/techalerts/TA10-159B.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7468
- http://www.securityfocus.com/archive/1/511021/100/0/threaded
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft sharepoint server
- version/microsoft sharepoint server/2007
- canonical/microsoft sharepoint services
- version/microsoft sharepoint services/3.0-sp2
- version/microsoft sharepoint services/3.0-sp1