CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-30100 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30100
11 Jun 2024 — Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30100 • CWE-426: Untrusted Search Path •
CVSS: 5.4EPSS: 8%CPEs: 3EXPL: 1CVE-2010-0716
https://notcve.org/view.php?id=CVE-2010-0716
26 Feb 2010 — _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when... • http://www.hacktics.com/content/advisories/AdvMS20100222.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 19%CPEs: 1EXPL: 1CVE-2008-1888 – Microsoft SharePoint Server 2.0 - Picture Source HTML Injection
https://notcve.org/view.php?id=CVE-2008-1888
18 Apr 2008 — Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Microsoft Windows SharePoint Services 2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo Picture Source (Fuente de Imagen) (también conocido como picture object source) ... • https://www.exploit-db.com/exploits/31632 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •