[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-2581Date: (C)2007-05-09   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018789
http://www.securityfocus.com/archive/1/467738/100/0/threaded
http://www.securityfocus.com/archive/1/467749/100/0/threaded
http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html
BID-23832
SREASON-2682
SECUNIA-27148
OSVDB-37630
ADV-2007-3439
HPSBST02280
MS07-059
TA07-282A
oval:org.mitre.oval:def:2286
sharepoint-default-pathinfo-xss(34343)

CPE    3
cpe:/a:microsoft:sharepoint_services:3.0
cpe:/a:microsoft:sharepoint_server:2007
cpe:/a:microsoft:windows_2003
CWE    1
CWE-79
OVAL    1
oval:org.mitre.oval:def:2286

© SecPod Technologies