XSS in Microsoft SharePoint Server 2007
| Vulnerability ID: | HTB22350 |
| Product: | Microsoft SharePoint Server 2007 |
| Vendor: | Microsoft Corporation ( http://www.microsoft.com/ ) |
| Vulnerable Version: | 12.0.0.6421 and Probably Prior Versions |
| Vendor Notification: | 12 April 2010 |
| Public Disclosure: | 28 April 2010 |
| Vulnerability Type: | XSS (Cross Site Scripting) |
| Status: | Fixed |
| Risk level: | Medium |
 | |
| Credit: | High-Tech Bridge SA |
Vulnerability Details: | |
| User can execute arbitrary JavaScript code within the vulnerable application. The vulnerability exists due to failure in the "/_layouts/help.aspx" script to properly sanitize user-supplied input in "cid0" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. An attacker can use browser to exploit this vulnerability. The following PoC is available: http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X | |
Solution: | |
| Upgrade to the most recent version | |
