CVSS: 6.1EPSS: 44%CPEs: 6EXPL: 3CVE-2010-3324 – Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass
https://notcve.org/view.php?id=CVE-2010-3324
17 Sep 2010 — The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257. La funció... • https://www.exploit-db.com/exploits/34478 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 44%CPEs: 28EXPL: 0CVE-2010-1257
https://notcve.org/view.php?id=CVE-2010-1257
08 Jun 2010 — Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la API toStaticHTML, tal como es usada en Microsoft Office InfoPath 2003 SP3, 2007 SP1 y 2007 SP2; Off... • http://support.avaya.com/css/P8/documents/100089747 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 58%CPEs: 4EXPL: 0CVE-2010-1264
https://notcve.org/view.php?id=CVE-2010-1264
08 Jun 2010 — Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability." Vulnerabilidad no especificada en Microsoft Windows SharePoint Services 3.0 SP1 y SP2 permite a atacantes remotos provocar una denegación de servicio (cuelgue) mediante peticiones manipuladas a la página Help que caus... • http://www.securityfocus.com/bid/40559 •
CVSS: 6.1EPSS: 40%CPEs: 5EXPL: 2CVE-2010-0817 – Microsoft SharePoint Server 2007 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0817
29 Apr 2010 — Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo _layouts/help.aspx en SharePoint Server 2007 versión 12.0.0.6421 y posiblemente anterior, y SharePoint Services versión 3.0 SP1 y SP2 de Microsoft, permite a los atacantes r... • https://www.exploit-db.com/exploits/12450 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 58%CPEs: 41EXPL: 1CVE-2008-4033 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4033
12 Nov 2008 — Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expre... • https://www.exploit-db.com/exploits/7196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 70%CPEs: 26EXPL: 1CVE-2007-2223 – Microsoft Internet Explorer substringData Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2223
14 Aug 2007 — Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. Microsoft XML Core Services (MSXML) versión 3.0 hasta 6.0 permite a los atacantes remotos ejecutar código arbitrario por medio del método substringData en un objeto (1) TextNode o (2) XMLDOM, lo que provoca un desbordamiento de enteros que conduce a un desbordamiento de búfe... • https://www.exploit-db.com/exploits/30493 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 67%CPEs: 3EXPL: 1CVE-2007-2581 – Microsoft SharePoint Server 3.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2581
09 May 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. Varias vulnerabilidades de tipo cross-site scripting (XSS) en Microsoft Windows SharePoint Services versión 3.0 para Windows Server 2003 y Office SharePoint Server 2007 permiten a atacantes remotos inyectar ... • https://www.exploit-db.com/exploits/29951 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 36%CPEs: 2EXPL: 3CVE-2006-0015 – Microsoft FrontPage - Server Extensions Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0015
11 Apr 2006 — Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. • https://www.exploit-db.com/exploits/27620 •
CVSS: 6.1EPSS: 24%CPEs: 3EXPL: 0CVE-2005-0049
https://notcve.org/view.php?id=CVE-2005-0049
08 Feb 2005 — Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache. • http://www.kb.cert.org/vuls/id/340409 •
CVSS: 7.5EPSS: 21%CPEs: 7EXPL: 0CVE-2003-0904
https://notcve.org/view.php?id=CVE-2003-0904
08 Jan 2004 — Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. Microsoft Exchange 2003 y Outlook Web Access (OWA), cuando usan SharePoint Services 2.0, hace que la autenticación Kerberos se desactive para IIS, lo que puede causar que usuarios de OWA vean ... • http://secunia.com/advisories/10615 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •