CVSS: 6.1EPSS: 19%CPEs: 1EXPL: 1CVE-2008-1888 – Microsoft SharePoint Server 2.0 - Picture Source HTML Injection
https://notcve.org/view.php?id=CVE-2008-1888
18 Apr 2008 — Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Microsoft Windows SharePoint Services 2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo Picture Source (Fuente de Imagen) (también conocido como picture object source) ... • https://www.exploit-db.com/exploits/31632 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 21%CPEs: 7EXPL: 0CVE-2003-0904
https://notcve.org/view.php?id=CVE-2003-0904
08 Jan 2004 — Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. Microsoft Exchange 2003 y Outlook Web Access (OWA), cuando usan SharePoint Services 2.0, hace que la autenticación Kerberos se desactive para IIS, lo que puede causar que usuarios de OWA vean ... • http://secunia.com/advisories/10615 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •