Lucene search

[email protected]NVD:CVE-2011-1252

HistoryJun 16, 2011 - 8:55 p.m.

CVE-2011-1252

2011-06-1620:55:01

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.939

Percentile

99.2%

JSON

Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka “toStaticHTML Information Disclosure Vulnerability” or “HTML Sanitization Vulnerability.”

Affected configurations

Nvd

Node

microsoftinternet_explorerMatch7

AND

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_server_2003sp2

microsoftwindows_server_2008itanium

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_server_2008sp2x32

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_vistasp1

microsoftwindows_vistasp2

microsoftwindows_vistaMatch-sp1

microsoftwindows_vistaMatch-sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

Node

microsoftinternet_explorerMatch8

AND

microsoftwindows_2003_serversp2itanium

microsoftwindows_7

microsoftwindows_7Match-

microsoftwindows_server_2003sp2

microsoftwindows_server_2008itanium

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_server_2008r2itanium

microsoftwindows_server_2008r2x64

microsoftwindows_server_2008sp2x32

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_vistasp1

microsoftwindows_vistasp2

microsoftwindows_vistaMatch-sp1

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

VendorProductVersionCPE
microsoftinternet_explorer7cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	7	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x32:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x64:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008::sp2:x32:::::
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::
microsoft	windows_server_2008	-	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::*