| Vulnerability Name: | CVE-2008-1888 (CCN-41934) | ||||||||
| Assigned: | 2008-04-08 | ||||||||
| Published: | 2008-04-08 | ||||||||
| Updated: | 2018-10-11 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-1888 Source: CCN Type: Computer Academic Underground Security Advisory CAU-2008-0002 Microsoft Windows SharePoint Services Picture Source XSS Source: MISC Type: UNKNOWN http://www.caughq.org/advisories/CAU-2008-0002.txt Source: CCN Type: Microsoft Office SharePoint Server Web site Microsoft Office SharePoint Server Source: CCN Type: OSVDB ID: 44459 Microsoft Sharepoint Rich Text Editor Picture Source XSS Source: BUGTRAQ Type: UNKNOWN 20080409 CAU-2008-0002: Microsoft Windows SharePoint Services PictureSource XSS Source: BID Type: UNKNOWN 28706 Source: CCN Type: BID-28706 Microsoft SharePoint Server Picture Source HTML Injection Vulnerability Source: XF Type: UNKNOWN microsoft-sharepoint-picturesource-xss(41934) Source: XF Type: UNKNOWN microsoft-sharepoint-picturesource-xss(41934) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||