| Vulnerability Name: | CVE-2007-2581 (CCN-34343) |
| Assigned: | 2007-05-04 |
| Published: | 2007-05-04 |
| Updated: | 2018-10-16 |
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. |
| CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) |
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) |
| | 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C) |
| | 3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C) |
| Vulnerability Type: | CWE-79 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: CCN Type: BugTraq Mailing List, Fri May 04 2007 - 17:01:02 CDT XSS in Microsoft SharePoint |
| | Source: BUGTRAQ Type: UNKNOWN 20070513 Re: XSS in Microsoft SharePoint |
| | Source: CCN Type: BugTraq Mailing List, Sun May 13 2007 - 06:42:53 CDT Re: XSS in Microsoft SharePoint |
| | Source: MITRE Type: CNA CVE-2007-2581 |
| | Source: OSVDB Type: UNKNOWN 37630 |
| | Source: CCN Type: SA27148 Microsoft Windows SharePoint Services / Office SharePoint Server Cross-Site Scripting |
| | Source: SECUNIA Type: Vendor Advisory 27148 |
| | Source: SREASON Type: UNKNOWN 2682 |
| | Source: CCN Type: SECTRACK ID: 1018789 Microsoft SharePoint Input Validation Hole Permits Cross-Site Scripting Attacks |
| | Source: SECTRACK Type: UNKNOWN 1018789 |
| | Source: CCN Type: ASA-2007-425 MS07-059 Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017) |
| | Source: CCN Type: Microsoft Security Bulletin MS07-059 Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017) |
| | Source: CCN Type: Microsoft Security Bulletin MS08-077 Vulnerability in Microsoft Office Sharepoint Server Could Cause Elevation of Privilege (957175) |
| | Source: CCN Type: Microsoft Security Bulletin MS10-039 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) |
| | Source: CCN Type: Microsoft Security Bulletin MS10-072 Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) |
| | Source: CCN Type: OSVDB ID: 37630 Microsoft SharePoint PATH_INFO (query string) XSS |
| | Source: BUGTRAQ Type: UNKNOWN 20070504 XSS in Microsoft SharePoint |
| | Source: BUGTRAQ Type: UNKNOWN 20070505 RE: XSS in Microsoft SharePoint |
| | Source: HP Type: UNKNOWN HPSBST02280 |
| | Source: BID Type: UNKNOWN 23832 |
| | Source: CCN Type: BID-23832 Microsoft SharePoint Server Cross-Site Scripting Vulnerability |
| | Source: CERT Type: US Government Resource TA07-282A |
| | Source: VUPEN Type: Vendor Advisory ADV-2007-3439 |
| | Source: MS Type: UNKNOWN MS07-059 |
| | Source: XF Type: UNKNOWN sharepoint-default-pathinfo-xss(34343) |
| | Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:2286 |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |