Oval Definition:	oval:org.mitre.oval:def:28658
Revision Date: 2015-06-15 Version: 9 Title: Microsoft SharePoint xss vulnerability – CVE-2015-1636 (MS15-022) Description: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2015-1636 Platform(s): Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Product(s): Microsoft SharePoint Foundation 2013 Microsoft SharePoint Server 2013 Definition Synopsis Sharepoint Foundation Server 2013 and vulnerable file version Microsoft SharePoint Foundation 2013 is installed AND Check if the version of stswel.dll is less than 15.0.4701.1000 OR Sharepoint Server 2013 and vulnerable file version Microsoft SharePoint Server 2013 is installed AND Check for vulnerable versions Check if the version of xlsrv.dll is less than 15.0.4701.1000 OR Check if the version of wwintl.dll is less than 15.0.4631.1000 OR Check if the version of vutils.dll is less than 15.0.4701.1000 OR Check if the version of microsoft.office.infopath.server.dll is less than 15.0.4701.1000 OR Check if the version of ascalc.dll is less than 15.0.4699.1000 OR Check if the version of msoserverintl.dll is less than 15.0.4697.1000
BACK