High-Tech Bridge (htbridge), advisory HTB22350
Apr 12, 2010 - 12:00 a.m.

Cross-site Scripting Vulnerability in Microsoft SharePoint Server 2007

www.htbridge.com

EPSS: 0.881 (percentile 98.8%)

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Microsoft SharePoint Server 2007 which could be exploited to perform cross-site scripting attacks.

  1. Cross-site scripting vulnerability in Microsoft SharePoint Server 2007: CVE-2010-0817
    An input sanitization error was found in the “cid0” parameter in /_layouts/help.aspx. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Exploitation example:

http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml<script>alert%28%27XSS%27%29%3C/script%3E&tid=X
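
A log-review check for requests of this shape, as an added example that is not part of the High-Tech Bridge advisory. The function names, the constructed sample requests, and the rule that a legitimate cid0 value never contains markup characters are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

HELP_PATH = "/_layouts/help.aspx"   # script named in the advisory
MARKUP = re.compile(r"[<>\"']")     # assumption: never valid in a help-topic id

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are also inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_cid0(url):
    """Return the decoded cid0 value when a help.aspx request carries markup, else None."""
    parts = urlsplit(url)
    if parts.path.lower() != HELP_PATH:          # IIS paths are case-insensitive
        return None
    for key, raw in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != "cid0":                # ASP.NET parameter names are case-insensitive
            continue
        value = decode_fully(raw)
        if MARKUP.search(value):
            return value
    return None

def flag_requests(urls):
    """Return (index, decoded cid0) for every request worth reviewing."""
    hits = []
    for i, url in enumerate(urls):
        value = suspicious_cid0(url)
        if value is not None:
            hits.append((i, value))
    return hits

# Constructed sample requests: the advisory's URL, a plain request,
# a double-encoded variant, and a request to an unrelated page.
SAMPLE_REQUESTS = [
    "http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml<script>alert%28%27XSS%27%29%3C/script%3E&tid=X",
    "http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml&tid=X",
    "/_layouts/Help.aspx?CID0=x%253Cscript%253E&tid=X",
    "/default.aspx?cid0=%3Cb%3E",
]

if __name__ == "__main__":
    for index, value in flag_requests(SAMPLE_REQUESTS):
        print(index, repr(value))
```
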