Elevation of privilege vulnerability in HTML Sanitization ComponentID: oval:org.secpod.oval:def:7318 | Date: (C)2012-10-12 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
The host is installed with Microsoft Office Web Apps 2010, Microsoft SharePoint Foundation 2010 Service Pack 1, Microsoft Windows SharePoint Services 3.0 Service Pack 2, Microsoft Groove Server 2010 Service Pack 1, Microsoft SharePoint Server 2010 Service Pack 1, Microsoft SharePoint Server 2007 Service Pack 3, or Service Pack 2, Microsoft Lync 2010 Attendee, Microsoft Lync 2010, Microsoft InfoPath 2010 Service Pack 1, Microsoft InfoPath 2007 Service Pack 2 or Service Pack 3 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly validate the HTML strings. Successful exploitation allows attackers to perform cross-site scripting attacks and run script in the security context of the logged-on user.
Platform: |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows Server 2003 |
Microsoft Windows 10 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Vista |
Microsoft Windows XP |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Product: |
Microsoft Communicator 2007 R2 |
Microsoft Groove Server 2010 |
Microsoft InfoPath 2007 |
Microsoft InfoPath 2010 |
Microsoft Office Web Apps 2010 |
Microsoft Lync 2010 |
Microsoft Lync 2010 Attendee |
Microsoft SharePoint Foundation 2010 |
Microsoft SharePoint Server 2007 |
Microsoft SharePoint Server 2010 |
Microsoft SharePoint Services 3.0 |