This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


Vendor Microsoft First view 2010-02-26
Product Sharepoint Server Last view 2010-06-08
Version 2007 Type Application
Update sp1  
Edition x32  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
CPE Product cpe:2.3:a:microsoft:sharepoint_server

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2010-06-08 CVE-2010-1257

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.

3.5 2010-02-26 CVE-2010-0716

_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.

CWE : Common Weakness Enumeration

100% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
65211 Microsoft IE / Sharepoint toStaticHTML Information Disclosure
50138 Microsoft SharePoint Host Name / Port Number Persistence HTML Document Same-o...

OpenVAS Exploits

id Description
2010-06-09 Name : Microsoft Internet Explorer Multiple Vulnerabilities (982381)
File : nvt/secpod_ms10-035.nasl
2010-06-09 Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
File : nvt/secpod_ms10-039.nasl
2010-03-05 Name : Microsoft SharePoint Cross Site Scripting Vulnerability
File : nvt/gb_ms_sharepoint_xss_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2010-A-0079 Multiple Vulnerabilities in Microsoft Office SharePoint
Severity: Category II - VMSKEY: V0024377

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Internet Explorer 8 cross-site scripting attempt
RuleID : 16658 - Type : BROWSER-IE - Revision : 7

Nessus® Vulnerability Scanner

id Description
2010-06-09 Name: Arbitrary code can be executed on the remote host through a web browser.
File: smb_nt_ms10-035.nasl - Type: ACT_GATHER_INFO
2010-06-09 Name: The remote host has multiple vulnerabilities.
File: smb_nt_ms10-039.nasl - Type: ACT_GATHER_INFO