Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2010-04-29 |
| Product | Sharepoint Services | Last view | 2012-07-10 |
| Version | 3.0 | Type | Application |
| Update | sp2 | ||
| Edition | x32 | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:sharepoint_services | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2012-07-10 | CVE-2012-1863 | Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability." |
| 4.3 | 2011-09-15 | CVE-2011-1893 | Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability." |
| 4 | 2011-09-15 | CVE-2011-1892 | Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability." |
| 4.3 | 2011-09-15 | CVE-2011-1891 | Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability." |
| 4.3 | 2010-10-13 | CVE-2010-3243 | Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability." |
| 4.3 | 2010-09-17 | CVE-2010-3324 | The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257. |
| 4 | 2010-06-08 | CVE-2010-1264 | Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability." |
| 4.3 | 2010-06-08 | CVE-2010-1257 | Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. |
| 4.3 | 2010-04-29 | CVE-2010-0817 | Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 87% (7) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 12% (1) | CWE-200 | Information Exposure |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 75393 | Microsoft SharePoint Unspecified URI XSS |
| 75392 | Microsoft SharePoint XML File Arbitrary File Disclosure |
| 75391 | Microsoft SharePoint Contact Details XSS |
| 75381 | Microsoft SharePoint XML / XSL File Handling Unspecified Arbitrary File Discl... |
| 68548 | Microsoft IE / SharePoint Unspecified XSS |
| 68123 | Microsoft IE / SharePoint toStaticHTML Function Crafted CSS @import Rule XSS ... |
| 65220 | Microsoft SharePoint Crafted Request Help Page Invocation Remote DoS |
| 65211 | Microsoft IE / Sharepoint toStaticHTML Information Disclosure |
| 64170 | Microsoft SharePoint Server _layouts/help.aspx cid0 Parameter XSS |
ExploitDB Exploits
| id | Description |
|---|---|
| 17873 | File disclosure via XEE in SharePoint 2007/2010 and DotNetNuke < 6 |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-07-11 | Name : Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502) File : nvt/secpod_ms12-050.nasl |
| 2011-09-22 | Name : Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048) File : nvt/secpod_ms10-072.nasl |
| 2011-09-14 | Name : Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vu... File : nvt/gb_sharepoint_39776.nasl |
| 2011-09-14 | Name : Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858) File : nvt/secpod_ms11-074.nasl |
| 2010-10-13 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2360131) File : nvt/secpod_ms10-071.nasl |
| 2010-09-23 | Name : Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability File : nvt/secpod_ms_ie_static_html_xss_vuln.nasl |
| 2010-06-09 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (982381) File : nvt/secpod_ms10-035.nasl |
| 2010-06-09 | Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554) File : nvt/secpod_ms10-039.nasl |
| 2010-05-04 | Name : Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability File : nvt/secpod_ms_sharepoint_layouts_xss_vuln.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2011-B-0115 | Multiple Vulnerabilities in Microsoft Office SharePoint Severity: Category II - VMSKEY: V0030239 |
| 2010-A-0079 | Multiple Vulnerabilities in Microsoft Office SharePoint Severity: Category II - VMSKEY: V0024377 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-02-22 | toStaticHTML CSS import XSS exploit attempt RuleID : 45514 - Type : BROWSER-IE - Revision : 1 |
| 2014-01-10 | Microsoft Office SharePoint query.iqy XSS attempt RuleID : 23282 - Type : SERVER-WEBAPP - Revision : 7 |
| 2014-01-10 | Microsoft Office SharePoint Javascript XSS attempt RuleID : 20116 - Type : SERVER-WEBAPP - Revision : 14 |
| 2014-01-10 | Microsoft Office SharePoint XML external entity exploit attempt RuleID : 20115 - Type : SERVER-WEBAPP - Revision : 10 |
| 2014-01-10 | Microsoft SharePoint hiddenSpanData cross site scripting attempt RuleID : 20114 - Type : SERVER-WEBAPP - Revision : 8 |
| 2014-01-10 | Microsoft Internet Explorer and SharePoint toStaticHTML information disclosur... RuleID : 19322 - Type : BROWSER-IE - Revision : 10 |
| 2014-01-10 | Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability RuleID : 17767 - Type : BROWSER-IE - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt RuleID : 17766 - Type : BROWSER-IE - Revision : 15 |
| 2014-01-10 | Microsoft Office SharePoint Server 2007 help.aspx denial of service attempt RuleID : 16660 - Type : SERVER-WEBAPP - Revision : 16 |
| 2014-01-10 | Microsoft Internet Explorer 8 cross-site scripting attempt RuleID : 16658 - Type : BROWSER-IE - Revision : 7 |
| 2014-01-10 | Microsoft Office SharePoint XSS attempt RuleID : 16560 - Type : SERVER-WEBAPP - Revision : 17 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2012-07-11 | Name: The remote host is affected by multiple privilege escalation and information ... File: smb_nt_ms12-050.nasl - Type: ACT_GATHER_INFO |
| 2011-09-14 | Name: The remote host is affected by multiple privilege escalation and information ... File: smb_nt_ms11-074.nasl - Type: ACT_GATHER_INFO |
| 2010-10-18 | Name: The remote host is affected by multiple cross-site scripting vulnerabilities. File: safehtml_ms10_072.nasl - Type: ACT_GATHER_INFO |
| 2010-10-13 | Name: Arbitrary code can be executed on the remote host through a web browser. File: smb_nt_ms10-071.nasl - Type: ACT_GATHER_INFO |
| 2010-10-13 | Name: The remote host is affected by multiple cross-site scripting vulnerabilities. File: smb_nt_ms10-072.nasl - Type: ACT_GATHER_INFO |
| 2010-07-01 | Name: An application running on the remote web server has a denial of service vulne... File: sharepoint_help_dos.nasl - Type: ACT_DENIAL |
| 2010-07-01 | Name: An application running on the remote web server has a cross-site scripting vu... File: sharepoint_help_xss.nasl - Type: ACT_ATTACK |
| 2010-06-09 | Name: Arbitrary code can be executed on the remote host through a web browser. File: smb_nt_ms10-035.nasl - Type: ACT_GATHER_INFO |
| 2010-06-09 | Name: The remote host has multiple vulnerabilities. File: smb_nt_ms10-039.nasl - Type: ACT_GATHER_INFO |
