High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Microsoft SharePoint Server 2007 which could be exploited to perform cross-site scripting attacks.
- Cross-site scripting vulnerability in Microsoft SharePoint Server 2007: CVE-2010-0817
An input sanitization error was found in the “cid0” parameter in /_layouts/help.aspx. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Exploitation example:
http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml <script>alert%28%27XSS%27%29%3C/script%3E&tid=X
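A log check for requests of this shape, added here as an example and not part of the original advisory: it scans IIS W3C log lines for /_layouts/help.aspx requests whose decoded "cid0" value contains anything other than a plain file-style name. The field layout, the allowlist pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

TARGET_STEM = "/_layouts/help.aspx"
# Assumption: a legitimate cid0 is a plain file-style name such as MS.WSS.manifest.xml.
SAFE_CID0 = re.compile(r"[A-Za-z0-9._-]+")

# Constructed IIS W3C log excerpt (documentation IP addresses, not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-05-01 10:00:01 GET /_layouts/help.aspx cid0=MS.WSS.manifest.xml&tid=X 192.0.2.10 200
2010-05-01 10:00:07 GET /_layouts/help.aspx cid0=MS.WSS.manifest.xml%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X 192.0.2.44 200
2010-05-01 10:00:09 GET /_layouts/Help.aspx CID0=x%253Cscript%253E&tid=X 192.0.2.44 200
2010-05-01 10:00:12 GET /_layouts/viewlsts.aspx - 192.0.2.10 200
"""


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_cid0(query):
    """Return decoded cid0 values that contain anything outside the allowlist."""
    pairs = parse_qsl(query)  # parse_qsl already decodes one layer
    values = [fully_decode(v) for k, v in pairs if k.lower() == "cid0"]
    return [v for v in values if not SAFE_CID0.fullmatch(v)]


def scan(log_text):
    """Return (client_ip, decoded_cid0) for flagged requests to help.aspx."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != TARGET_STEM:
            continue
        for value in suspicious_cid0(row.get("cs-uri-query", "")):
            hits.append((row.get("c-ip"), value))
    return hits
```

Matching on the decoded value against an allowlist, rather than searching for the literal string "<script>", also catches mixed-case parameter names and double-encoded input, as the third sample line shows.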