Executive Summary

Informations
NameCVE-2011-1890First vendor Publication2011-09-15
VendorCveLast vendor Modification2012-01-26

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1890

CWE : Common Weakness Enumeration

idName
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12788
 
Oval ID: oval:org.mitre.oval:def:12788
Title: Editform Script Injection Vulnerability
Description: Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1890
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2010
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application1

OpenVAS Exploits

DateDescription
2011-09-14Name : Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
File : nvt/secpod_ms11-074.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
75390Microsoft SharePoint EditForm.aspx XSS

Information Assurance Vulnerability Management (IAVM)

DateDescription
2011-09-15IAVM : 2011-B-0115 - Multiple Vulnerabilities in Microsoft Office SharePoint
Severity : Category II - VMSKEY : V0030239

Snort® IPS/IDS

DateDescription
2014-01-10Microsoft Internet Explorer toStaticHTML XSS attempt
RuleID : 21569 - Revision : 5 - Type : BROWSER-IE
2014-01-10Microsoft SharePoint XSS
RuleID : 20117 - Revision : 7 - Type : SERVER-WEBAPP
2014-01-10Microsoft Office SharePoint Javascript XSS attempt
RuleID : 20116 - Revision : 10 - Type : SERVER-WEBAPP
2014-01-10Microsoft Office SharePoint XML external entity exploit attempt
RuleID : 20115 - Revision : 9 - Type : SERVER-WEBAPP
2014-01-10Microsoft SharePoint hiddenSpanData cross site scripting attempt
RuleID : 20114 - Revision : 7 - Type : SERVER-WEBAPP
2014-01-10Microsoft Office SharePoint XSS vulnerability attempt
RuleID : 20113 - Revision : 9 - Type : SERVER-WEBAPP
2014-01-10Microsoft Office SharePoint XSS vulnerability attempt
RuleID : 20112 - Revision : 8 - Type : SERVER-WEBAPP
2014-01-10Microsoft Office SharePoint XSS vulnerability attempt
RuleID : 20111 - Revision : 8 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

DateDescription
2011-09-14Name : The remote host is affected by multiple privilege escalation and information ...
File : smb_nt_ms11-074.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
CERThttp://www.us-cert.gov/cas/techalerts/TA11-256A.html
MShttp://technet.microsoft.com/en-us/security/bulletin/MS11-074

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2014-02-17 11:02:21
  • Multiple Updates
2014-01-19 21:27:48
  • Multiple Updates
2013-11-11 12:39:23
  • Multiple Updates
2013-05-10 23:00:32
  • Multiple Updates