CVSS: 4.3EPSS: 86%CPEs: 5EXPL: 0CVE-2011-1893
https://notcve.org/view.php?id=CVE-2011-1893
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability." Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 y 3.0 SP2, y SharePoint Server 2010 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la URI. Problema también conocido como "Vulnerabilidad XSS de SharePoint." • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 91%CPEs: 17EXPL: 0CVE-2010-3243
https://notcve.org/view.php?id=CVE-2010-3243
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability." Una vulnerabilidad de ejecución de comandos en sitios cruzados en la función toStaticHTML en Microsoft Internet Explorer v8, y la función SafeHTML en Microsoft Windows SharePoint Services v3.0 SP2 y Office SharePoint Server 2007 SP2, permite a atacantes remotos inyectar código web o HTML de su lección a través de vectores no especificados, conocido como "Vulnerabilidad de saneamiento HTML ." • http://support.avaya.com/css/P8/documents/100113324 http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7637 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 94%CPEs: 6EXPL: 3CVE-2010-3324 – Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass
https://notcve.org/view.php?id=CVE-2010-3324
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257. La función toStaticHTML en Internet Explorer 8 de Microsoft y la función SafeHTML en Windows SharePoint Services versión 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010 y Office Web Apps de Microsoft, permite a los atacantes remotos omitir el mecanismo de protección de cross-site scripting (XSS) y conducir ataques de tipo XSS por medio de un uso especialmente diseñado de la regla @import de Hojas de Estilo en Cascada (CSS), también se conoce como "HTML Sanitization Vulnerability", una vulnerabilidad diferente de CVE-2010-1257. • https://www.exploit-db.com/exploits/34478 http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html http://support.avaya.com/css/P8/documents/100113324 http://www.us-cert.gov/cas/techalerts/TA10-285A.html http://www.wooyun.org/bug.php?action=view&id=189 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072 https://oval.cisecurity.org/repository/search/definition/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 93%CPEs: 1EXPL: 1CVE-2010-2561 – Microsoft Msxml2.XMLHTTP.3.0 - Response Handling Memory Corruption (MS10-051)
https://notcve.org/view.php?id=CVE-2010-2561
Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability." Microsoft XML Core Services (también conocido como MSXML) v3.0 no manipula correctamente respuestas HTTP, las cuales pueden permitir a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria) mediante una respuesta manipulada. • https://www.exploit-db.com/exploits/14609 http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11730 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 65%CPEs: 28EXPL: 0CVE-2010-1257
https://notcve.org/view.php?id=CVE-2010-1257
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la API toStaticHTML, tal como es usada en Microsoft Office InfoPath 2003 SP3, 2007 SP1 y 2007 SP2; Office SharePoint Server 2007 SP1 y SP2; SharePoint Services 3.0 SP1 y SP2 y Internet Explorer 8 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores relacionados con procedimientos de limpieza. • http://support.avaya.com/css/P8/documents/100089747 http://www.securityfocus.com/bid/40409 http://www.us-cert.gov/cas/techalerts/TA10-159B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039 https://exchange.xforce.ibmcloud.com/vulnerabilities/58866 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •