Microsoft SharePoint Multiple Vulnerabilities
Last Update Date:
15 Feb 2012 12:02
Release Date:
15 Feb 2012
5200
Views
RISK: Medium Risk
TYPE: Servers - Other Servers
- XSS in inplview.aspx Vulnerability
A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user's browser, the resulting page could allow an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site. - XSS in themeweb.aspx Vulnerability
A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user's browser, the resulting page could allow an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site. - XSS in wizardlist.aspx Vulnerability
A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user's browser, the resulting page could allow an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site.
Impact
- Elevation of Privilege
System / Technologies affected
- Microsoft SharePoint Server 2010
- Microsoft SharePoint Foundation 2010
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
http://technet.microsoft.com/en-us/security/bulletin/ms12-011
Vulnerability Identifier
Source
Related Link
Share with