Skip to main content

Microsoft SharePoint Multiple Vulnerabilities

Last Update Date: 15 Feb 2012 12:02 Release Date: 15 Feb 2012 5200 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers
  1. XSS in inplview.aspx Vulnerability
    A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user's browser, the resulting page could allow an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site.
  2. XSS in themeweb.aspx Vulnerability
    A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user's browser, the resulting page could allow an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site.
  3. XSS in wizardlist.aspx Vulnerability
    A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user's browser, the resulting page could allow an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site.

Impact

  • Elevation of Privilege

System / Technologies affected

  • Microsoft SharePoint Server 2010
  • Microsoft SharePoint Foundation 2010

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link