CVE-2010-0817

MEDIUM

Description

Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier versions, and SharePoint Services 3.0 SP1 and SP2, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.

References

http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html

http://www.securityfocus.com/archive/1/511021/100/0/threaded

http://www.us-cert.gov/cas/techalerts/TA10-159B.html

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7468

Details

Source: MITRE

Published: 2010-04-29

Updated: 2018-10-12

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 47580 | Microsoft SharePoint Services Help.aspx 'cid0' Parameter XSS | Nessus | CGI abuses : XSS | medium |
| 46846 | MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) | Nessus | Windows : Microsoft Bulletins | medium |