Back to search
CVE-2007-2581
Published: May 9, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:2286
vdb-entry
signature
x_refsource_OVAL
23832
vdb-entry
x_refsource_BID
MS07-059
vendor-advisory
x_refsource_MS
1018789
vdb-entry
x_refsource_SECTRACK
20070513 Re: XSS in Microsoft SharePoint
mailing-list
x_refsource_BUGTRAQ
HPSBST02280
vendor-advisory
x_refsource_HP
SSRT071480
vendor-advisory
x_refsource_HP
37630
vdb-entry
x_refsource_OSVDB
sharepoint-default-pathinfo-xss(34343)
vdb-entry
x_refsource_XF
20070504 XSS in Microsoft SharePoint
mailing-list
x_refsource_BUGTRAQ
27148
third-party-advisory
x_refsource_SECUNIA
ADV-2007-3439
vdb-entry
x_refsource_VUPEN
2682
third-party-advisory
x_refsource_SREASON
20070505 RE: XSS in Microsoft SharePoint
mailing-list
x_refsource_BUGTRAQ
TA07-282A
third-party-advisory
x_refsource_CERT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now