|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-06-27 | |
| Rule Name: | Microsoft SharePoint Server and Foundation 2010 and 2010 SP1 Cross Site Scripting Vulnerability (CVE-2012-0145) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability." | |
| Impact: | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011 http://www.us-cert.gov/cas/techalerts/TA12-045A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://technet.microsoft.com/zh-cn/security/bulletin/ms12-011 |