Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2008-11-10 |
Product | Sharepoint Server | Last view | 2010-02-26 |
Version | * | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:microsoft:sharepoint_server |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
3.5 | 2010-02-26 | CVE-2010-0716 | _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed. |
3.5 | 2008-11-10 | CVE-2008-5026 | Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
50138 | Microsoft SharePoint Host Name / Port Number Persistence HTML Document Same-o... |
OpenVAS Exploits
id | Description |
---|---|
2010-03-05 | Name : Microsoft SharePoint Cross Site Scripting Vulnerability File : nvt/gb_ms_sharepoint_xss_vuln.nasl |