Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2010-02-26 |
| Product | Sharepoint Server | Last view | 2010-06-08 |
| Version | 2007 | Type | Application |
| Update | sp1 | ||
| Edition | x32 | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:sharepoint_server | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2010-06-08 | CVE-2010-1257 | Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. |
| 3.5 | 2010-02-26 | CVE-2010-0716 | _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 65211 | Microsoft IE / Sharepoint toStaticHTML Information Disclosure |
| 50138 | Microsoft SharePoint Host Name / Port Number Persistence HTML Document Same-o... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-06-09 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (982381) File : nvt/secpod_ms10-035.nasl |
| 2010-06-09 | Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554) File : nvt/secpod_ms10-039.nasl |
| 2010-03-05 | Name : Microsoft SharePoint Cross Site Scripting Vulnerability File : nvt/gb_ms_sharepoint_xss_vuln.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2010-A-0079 | Multiple Vulnerabilities in Microsoft Office SharePoint Severity: Category II - VMSKEY: V0024377 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Internet Explorer 8 cross-site scripting attempt RuleID : 16658 - Type : BROWSER-IE - Revision : 7 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-06-09 | Name: Arbitrary code can be executed on the remote host through a web browser. File: smb_nt_ms10-035.nasl - Type: ACT_GATHER_INFO |
| 2010-06-09 | Name: The remote host has multiple vulnerabilities. File: smb_nt_ms10-039.nasl - Type: ACT_GATHER_INFO |
