Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-0144 | First vendor Publication | 2012-02-14 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0144 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:14386 | |||
| Oval ID: | oval:org.mitre.oval:def:14386 | ||
| Title: | XSS in themeweb.aspx Vulnerability | ||
| Description: | Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0144 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft SharePoint Server 2010 Microsoft SharePoint Foundation 2010 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 | |
| Application | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-06-28 | Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841) File : nvt/secpod_ms12-011.nasl |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2012-02-16 | IAVM : 2012-B-0017 - Multiple Elevation of Privilege Vulnerabilities in Microsoft SharePoint Severity : Category II - VMSKEY : V0031349 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft SharePoint chart webpart XSS attempt RuleID : 21298 - Revision : 5 - Type : SERVER-WEBAPP |
| 2014-01-10 | Microsoft Office SharePoint themeweb.aspx XSS attempt RuleID : 21297 - Revision : 6 - Type : SERVER-WEBAPP |
| 2014-01-10 | Microsoft generic javascript handler in URI XSS attempt RuleID : 20258 - Revision : 12 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-02-14 | Name : The remote host is affected by multiple privilege escalation and information ... File : smb_nt_ms12-011.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:02:51 |
|
| 2024-11-28 12:28:25 |
|
| 2021-05-04 12:18:58 |
|
| 2021-04-22 01:22:41 |
|
| 2020-05-23 00:32:36 |
|
| 2018-10-13 05:18:34 |
|
| 2017-09-19 09:25:07 |
|
| 2016-10-22 00:23:24 |
|
| 2014-02-17 11:07:02 |
|
| 2014-01-19 21:28:20 |
|
| 2013-11-15 13:20:19 |
|
| 2013-11-11 12:39:42 |
|
| 2013-07-20 13:19:12 |
|
| 2013-05-10 22:31:29 |
|
