Oval Definition:oval:org.mitre.oval:def:12788
Revision Date:2011-10-31Version:3
Title:Editform Script Injection Vulnerability
Description:Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-1890
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2010
Definition Synopsis
  • Vulnerable Microsoft Office SharePoint Server 2010 (osrchwfe)
  • Microsoft Office SharePoint Server 2010 is installed.
  • AND Microsoft.SharePoint.Taxonomy.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft Office SharePoint Server 2010 (osrv/wosrv)
  • Microsoft Office SharePoint Server 2010 is installed.
  • AND Microsoft.office.server.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft Office SharePoint Server 2010 (ppsmawfe)
  • Microsoft Office SharePoint Server 2010 is installed.
  • AND Eawfap.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft Office SharePoint Server 2010 (dlc)
  • Microsoft Office SharePoint Server 2010 is installed.
  • AND Microsoft.office.policy.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft Office SharePoint Server 2010 (ppsmamui)
  • Microsoft Office SharePoint Server 2010 is installed.
  • AND Microsoft.SharePoint.Client.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft SharePoint Foundation 2010
  • Microsoft SharePoint Foundation 2010 is installed
  • AND OWSSVR.DLL version is less than 14.0.6106.5008
    • BACK