Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2012-2520
HistoryOct 09, 2012 - 9:55 p.m.

CVE-2012-2520

2012-10-0921:55:02
CWE-79
microsoft
web.nvd.nist.gov
45
cve-2012-2520
xss vulnerability
microsoft
infopath
communicator
lync
sharepoint
groove server
windows sharepoint services
sharepoint foundation
office web apps
remote attackers
html injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.326

Percentile

97.1%

JSON

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka “HTML Sanitization Vulnerability.”

Affected configurations

Nvd
Node
microsoftgroove_serverMatch2010sp1
OR
microsoftinfopathMatch2007sp2
OR
microsoftinfopathMatch2010sp1
OR
microsoftlyncMatch2010
OR
microsoftlyncMatch2010attendee
OR
microsoftoffice_communicatorMatch2007r2
OR
microsoftoffice_web_appsMatch2010sp1
OR
microsoftsharepoint_foundationMatch2010sp1
OR
microsoftsharepoint_serverMatch2007sp2
OR
microsoftsharepoint_serverMatch2007sp3
OR
microsoftsharepoint_serverMatch2010sp1
OR
microsoftsharepoint_servicesMatch3.0sp2
VendorProductVersionCPE
microsoftgroove_server2010cpe:2.3:a:microsoft:groove_server:2010:sp1:*:*:*:*:*:*
microsoftinfopath2007cpe:2.3:a:microsoft:infopath:2007:sp2:*:*:*:*:*:*
microsoftinfopath2010cpe:2.3:a:microsoft:infopath:2010:sp1:*:*:*:*:*:*
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*
microsoftoffice_communicator2007cpe:2.3:a:microsoft:office_communicator:2007:r2:*:*:*:*:*:*
microsoftoffice_web_apps2010cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*
microsoftsharepoint_foundation2010cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*
microsoftsharepoint_server2007cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:*
microsoftsharepoint_server2007cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*
Rows per page:
1-10 of 121

Related

seebug 2
prion 1
openvas 1
nvd 1
nessus 1
securityvulns 1
cvelist 1
seebug
seebug
Microsoft多个产品HTML过滤组件跨站脚本执行漏洞(MS12-066)
2012-10-11 00:00:00
Microsoft SharePoint和Microsoft Lync HTML过滤跨站脚本执行漏洞 (MS12-067)
2012-10-11 00:00:00
prion
prion
Cross site scripting
2012-10-09 21:55:00
openvas
openvas
Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517)
2012-10-10 00:00:00
nvd
nvd
CVE-2012-2520
2012-10-09 21:55:02
nessus
nessus
MS12-066: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
2012-10-10 00:00:00
securityvulns
securityvulns
Multiple Microsoft web applications crossite scripting
2012-10-09 00:00:00
cvelist
cvelist
CVE-2012-2520
2012-10-09 21:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.326

Percentile

97.1%

JSON
Related for CVE-2012-2520
seebug2prion1openvas1nvd1nessus1securityvulns1cvelist1