XSS vulnerability in themeweb.aspx in Microsoft SharePoint Server 2010 and SharePoint Foundation 2010ID: oval:org.secpod.oval:def:4142 | Date: (C)2012-02-16 (M)2021-06-02 |
Class: VULNERABILITY | Family: windows |
The host is installed with Microsoft SharePoint Server 2010 and SharePoint Foundation 2010 and is prone to cross-site scripting vulnerability. A flaw is present due to improper handling of URL containing malicious JavaScript elements. Successful exploitation could allow attackers to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Vista |
Microsoft Windows XP |
Microsoft Windows 7 |
Product: |
Microsoft SharePoint Server 2010 |
Microsoft SharePoint Foundation 2010 |