WEB APPLICATION VULNERABILITIES Standard & Premium

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0817)

Description

Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.

Remediation

References

Related Vulnerabilities

GlassFish Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5266)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0245)

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder Unspecified Vulnerability (1.14.9)

WordPress Plugin Neuvoo Jobs Cross-Site Scripting (2.0)

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)

Severity

Medium

Classification

CVE-2010-0817 CWE-707

Tags

Missing Update Known Vulnerabilities