Microsoft SharePoint Elevation Of Privilege Vulnerability
Publish Date: 21 juillet 2015
Gravité: : Medium
Identifiant(s) CVE: : CVE-2010-0817
Date du conseil: 21 juillet 2015
Description
Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
Affected software and version:
- microsoft sharepoint_server 2007
- microsoft sharepoint_services 3.0