Microsoft SharePoint Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Microsoft SharePoint Server and is prone to Cross Site Scripting vulnerability.

Impact

Successful exploitation will allow remote authenticated users to leverage same-origin relationships and conduct cross-site scripting attacks by uploading TXT files. Impact Level: Application

Solution

Upgrade to SharePoint Server 2010 or later. For updates refer to http://sharepoint.microsoft.com/Pages/Default.aspx

Insight

This flaw is due to insufficient validation of user supplied data passed into 'SourceUrl' and 'Source' parameters in the 'download.aspx' in SharePoint Team Services.

Affected

Microsoft Office SharePoint Server 2007 12.0.0.6421 and prior.

References

http://www.securityfocus.com/archive/1/archive/1/509683/100/0/threaded

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-0716
CVSS Base Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

Related Vulnerabilities

Microsoft Remote Desktop Protocol Detection
Compatibility Issues Affecting Signed Microsoft Binaries (2749655)
pcAnywhere TCP
CA Unicenter's Transport Service is running
Microsoft SMB Signing Enabled and Not Required At Server

Take action and discover your vulnerabilities