Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html
http://www.securityfocus.com/archive/1/511021/100/0/threaded
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7468
cpe:2.3:a:microsoft:sharepoint_services:3.0:sp1:x32:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_services:3.0:sp1:x64:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
47580 | Microsoft SharePoint Services Help.aspx 'cid0' Parameter XSS | Nessus | CGI abuses : XSS | medium |
46846 | MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) | Nessus | Windows : Microsoft Bulletins | medium |