MS10-072: Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
Medium Nessus Plugin ID 49949
SynopsisThe remote host is affected by multiple cross-site scripting vulnerabilities.
DescriptionThe versions of SharePoint Services, SharePoint Server, Groove, or Office Web Apps installed on the remote host have multiple cross-site scripting vulnerabilities.
A remote attacker could exploit them by tricking a user into making a malicious request, resulting in arbitrary script code execution.
SolutionMicrosoft has released a set of patches for SharePoint Services 3.0, SharePoint Foundation 2010, SharePoint Server 2007, Groove Server 2010, and Office Web Apps.