QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2012-2520

Back to search

CVE-2012-2520

Published: Oct 9, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

VendorProductVersions

n/a

n/a

affected
n/a

References

55797
vdb-entry
x_refsource_BID
oval:org.mitre.oval:def:14976
vdb-entry
signature
x_refsource_OVAL
1027628
vdb-entry
x_refsource_SECTRACK
1027626
vdb-entry
x_refsource_SECTRACK
1027629
vdb-entry
x_refsource_SECTRACK
1027627
vdb-entry
x_refsource_SECTRACK
TA12-283A
third-party-advisory
x_refsource_CERT
MS12-066
vendor-advisory
x_refsource_MS
1027625
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now