Kaspersky LabKLA11089KLA11089 XSS vulnerability in Microsoft Sharepoint Server
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
56.9%
An XSS (cross-site scripting) vulnerability related to an improper sanitizing of web requests was found in Microsoft SharePoint Server. By exploiting this vulnerability malicious users can spoof user interaface. This vulnerability can be exploited remotely via a specially designed web request.
Original advisories
Related products
CVE list
CVE-2017-8654 warning
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Microsoft SharePoint Server 2010 Service Pack 2
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
56.9%