Vulnerability Name: CVE-2010-0817 (CCN-58243)
Assigned: 2010-04-29
Published: 2010-04-29
Updated: 2018-10-12
Summary: Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier versions, and SharePoint Services 3.0 SP1 and SP2, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
  3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2010-0817
  Source: CCN Type: SA39603 Microsoft SharePoint Server / SharePoint Services help.aspx Cross-Site Scripting
  Source: MISC Type: Exploit http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html
  Source: CCN Type: Microsoft Security Advisory (983438) Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
  Source: CCN Type: Microsoft Security Bulletin MS10-039 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
  Source: CCN Type: Microsoft Security Bulletin MS10-072 Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
  Source: BUGTRAQ Type: UNKNOWN 20100428 XSS in Microsoft SharePoint Server 2007
  Source: CCN Type: BID-39776 Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
  Source: CERT Type: US Government Resource TA10-159B
  Source: MS Type: UNKNOWN MS10-039
  Source: XF Type: UNKNOWN ms-sharepoint-help-xss(58243)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:7468
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [04-29-2010]