#VU3048 Cross-site scripting


Published: 2020-03-18 | Updated: 2020-11-20

Vulnerability identifier: #VU3048

Vulnerability risk: Medium

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2010-0817

CWE-ID: CWE-79

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Microsoft Windows SharePoint Services
Web applications / Other software
Microsoft Office InfoPath
Client/Desktop applications / Office applications
Microsoft SharePoint Server
Server applications / Application servers

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability exists due to insufficient sanitization of user-supplied input data passed to Help.aspx script. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in victim’s browser in context of vulnerable SharePoint website.

Successful exploitation may allow an attacker to conduct phishing and drive-by-download attacks.

Note: this vulnerability is being publicly exploited.

Mitigation
Install update from vendor's website:

Microsoft Windows SharePoint Services 3.0 Service Pack 1 and Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32-bit versions)
https://www.microsoft.com/downloads/details.aspx?familyid=3841ceda-d0af-4e5e-8a1a-7dd954850783

Microsoft Windows SharePoint Services 3.0 Service Pack 1 and Microsoft Windows SharePoint Services 3.0 Service Pack 2 (64-bit versions)
https://www.microsoft.com/downloads/details.aspx?familyid=94bc76d4-78e4-4bda-8922-36c3a9d3854f

Vulnerable software versions

Microsoft Windows SharePoint Services: 3.0 SP1

Microsoft Office InfoPath: 2003 - 2007

Microsoft SharePoint Server: 2007

External links
http://technet.microsoft.com/en-us/library/security/ms10-039.aspx
http://www.htbridge.com/advisory/HTB22350

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Microsoft SharePoint