Microsoft SharePoint Multiple Vulnerabilities

Last Update Date: 15 Feb 2012 12:02 Release Date: 15 Feb 2012 4393 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

XSS in inplview.aspx Vulnerability
A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user's browser, the resulting page could allow an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site.
XSS in themeweb.aspx Vulnerability
A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user's browser, the resulting page could allow an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site.
XSS in wizardlist.aspx Vulnerability
A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user's browser, the resulting page could allow an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site.