Vulnerability Name: | CVE-2012-1861 (CCN-76708) | ||||||||
Assigned: | 2012-07-10 | ||||||||
Published: | 2012-07-10 | ||||||||
Updated: | 2018-10-12 | ||||||||
Summary: | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability." | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-79 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2012-1861 Source: CCN Type: SA49875 Microsoft SharePoint Multiple Vulnerabilities Source: CCN Type: Microsoft Security Bulletin MS12-050 Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) Source: CCN Type: Microsoft Security Bulletin MS13-067 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052) Source: CCN Type: Microsoft Security Bulletin MS13-084 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089) Source: CCN Type: Microsoft Security Bulletin MS14-073 Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (3000431) Source: CCN Type: BID-54313 Microsoft SharePoint CVE-2012-1861 HTML Injection Vulnerability Source: CERT Type: US Government Resource TA12-192A Source: MS Type: UNKNOWN MS12-050 Source: XF Type: UNKNOWN ms-sharepoint-javascript-xss(76708) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:15544 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |