CVSS: 4.3EPSS: 84%CPEs: 3EXPL: 0CVE-2011-0653
https://notcve.org/view.php?id=CVE-2011-0653
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability." Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2010 Gold y SP1, y SharePoint Server 2010, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la URI. Se trata de un problema tambien conocido como "Vulnerabilidad XSS en el calendario de Sharepoint". • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 21%CPEs: 2EXPL: 0CVE-2011-1890
https://notcve.org/view.php?id=CVE-2011-1890
Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability." Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en EditForm.aspx en Microsoft Office SharePoint Server 2010 y SharePoint Server 2010 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un mensaje. Es un problema también conocido como "Vulnerabilidad de inyección en el script EditForm." • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 84%CPEs: 5EXPL: 0CVE-2011-1893
https://notcve.org/view.php?id=CVE-2011-1893
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability." Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 y 3.0 SP2, y SharePoint Server 2010 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la URI. Problema también conocido como "Vulnerabilidad XSS de SharePoint." • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 84%CPEs: 4EXPL: 0CVE-2011-1891
https://notcve.org/view.php?id=CVE-2011-1891
Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability." Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Microsoft Windows SharePoint Services 3.0 SP2, y SharePoint Server 2010 Gold y SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados en una solicitud a un script. Es un problema también conocido como "Vulnerabilidad de XSS de Detalles de Contacto reflejados". • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 8%CPEs: 20EXPL: 1CVE-2011-1892 – SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)
https://notcve.org/view.php?id=CVE-2011-1892
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability." Microsoft Office Groove 2007 Service Pack 2, SharePoint Workspace 2010 Gold y SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold y SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold y SP1, Windows SharePoint Services 3.0 SP2, Windows SharePoint 2010 y Office Web Aplicaciones 2010 Gold y SP1 no gestionan correctamente las partes web que contienen clases XML que referencian a entidades externas, lo que permite a usuarios remotos autenticados leer ficheros de su elección a través de un archivo XML o XSL debidamente modificados. Es un problema también conocido como "Vulnerabilidad de revelado de fichero remoto de Sharepoint." SharePoint 2007 / 2010 and DotNetNuke versions prior to 6 suffer from a file disclosure vulnerability. • https://www.exploit-db.com/exploits/17873 http://securityreason.com/securityalert/8386 http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •