Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability Network Vulnerability

Summary

Microsoft SharePoint Server 2007 and SharePoint Services 3.0 are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Solution

The vendor has released an advisory and updates. Please see the references for details.

References

http://blogs.technet.com/msrc/archive/2010/04/29/security-advisory-983438-released.aspx
http://support.avaya.com/css/P8/documents/100089744
http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html
http://www.microsoft.com/technet/security/Bulletin/MS10-039.mspx
http://www.microsoft.com/technet/security/advisory/983438.mspx
http://www.securityfocus.com/archive/1/511021
http://www.securityfocus.com/bid/39776

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-0817

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat NIO Connector Denial of Service Vulnerability
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
A Really Simple Chat Multiple XSS Vulnerabilities
Apache Tomcat Multiple Vulnerabilities June-09

Take action and discover your vulnerabilities