Microsoft SharePoint Multiple Vulnerabilities

Last Update Date: 11 Jul 2012 17:17 Release Date: 11 Jul 2012 4152 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

HTML Sanitization Vulnerability
An information disclosure vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.
XSS scriptresx.ashx Vulnerability
A cross-site scripting and elevation of privilege vulnerability exists in SharePoint allows attacker-controlled JavaScript to run in the context of the user clicking a link. This is an elevation of privilege vulnerability as it allows an anonymous attacker to potentially issue SharePoint commands in the context of an authenticated user on the site.
SharePoint Search Scope Vulnerability
An information disclosure vulnerability exists in the way that SharePoint stores search scopes. An attacker could view or tamper with other users' search scopes.
SharePoint Search Scope Vulnerability
An information disclosure vulnerability exists in the way that SharePoint stores search scopes. An attacker could view or tamper with other users' search scopes.
SharePoint URL Redirection Vulnerability
A URL redirection vulnerability, which could lead to spoofing and information disclosure,exists in SharePoint which could allow an attacker to redirect a user to an external URL.
SharePoint Reflected List Parameter Vulnerability
A cross-site scripting vulnerability exists in SharePoint allows attacker-controlled JavaScript to run in the context of the user clicking a link. This is an elevation of privilege vulnerability as it allows an anonymous attacker to potentially issue SharePoint commands in the context of an authenticated user.