Summary
This host is running Microsoft SharePoint Server and is prone to Cross Site Scripting vulnerability.
Impact
Successful exploitation will allow remote authenticated users to compromise the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
Impact Level: Application
Solution
Apply the patch from below link
http://technet.microsoft.com/en-us/security/bulletin/MS10-039
Insight
This flaw is due to insufficient validation of user supplied data passed into 'cid0' parameter in the '_layouts/help.aspx' in SharePoint Team Services.
Affected
Microsoft Windows SharePoint Services 3.0 SP 1
Microsoft Office SharePoint Server SP1 2007 12.0.0.6421 and prior.
References
Severity
Classification
-
CVE CVE-2010-0817 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
- Microsoft Office Excel ReadAV Arbitrary Code Execution Vulnerability
- Adobe AIR JavaScript Code Execution Vulnerability
- Mozilla/Firefox security manager certificate handling DoS
- Opera web browser address bar spoofing weakness (2)