Information disclosure vulnerability in Microsoft Office SharePoint Server, Services, FoundationDeprecated |
ID: oval:org.secpod.oval:def:2264 | Date: (C)2011-09-14 (M)2023-12-14 |
Class: VULNERABILITY | Family: windows |
The host is installed with Microsoft Office SharePoint Server 2007 Service Pack 2 or Microsoft Office SharePoint Server 2010 or SP1 or Microsoft Windows SharePoint Services 3.0 Service Pack 2 or SharePoint Foundation 2010 or SP1 and is prone to information disclosure vulnerability. A flaw is present in the applications where SafeHTML function does not properly validate HTML. Successful exploitation allows remote attackers to perform persistent cross-site scripting attacks against users of a site that is filtering HTML content via SafeHTML.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |
Product: |
Microsoft SharePoint Foundation 2010 |
Microsoft SharePoint Server 2010 |
Microsoft Windows SharePoint Services 3.0 |