Vulnerability Name: | CVE-2012-1859 (CCN-76706) | ||||||||
Assigned: | 2012-07-10 | ||||||||
Published: | 2012-07-10 | ||||||||
Updated: | 2018-10-12 | ||||||||
Summary: | Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability." | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-79 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2012-1859 Source: CCN Type: SA49875 Microsoft SharePoint Multiple Vulnerabilities Source: CCN Type: Microsoft Security Bulletin MS12-050 Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) Source: CCN Type: Microsoft Security Bulletin MS13-067 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052) Source: CCN Type: Microsoft Security Bulletin MS13-084 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089) Source: CCN Type: Microsoft Security Bulletin MS14-073 Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (3000431) Source: CCN Type: BID-54312 Microsoft SharePoint 'scriptresx.ashx' Cross Site Scripting Vulnerability Source: CERT Type: US Government Resource TA12-192A Source: MS Type: UNKNOWN MS12-050 Source: XF Type: UNKNOWN ms-sharepoint-scriptresx-xss(76706) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:15589 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |