Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2581

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
4.3MEDIUM
EPSS
75.5%
top 1.11%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Sharepoint ServerMicrosoft Sharepoint Services
Timeline
PublishedMay 9
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-9cxq-qfj2-hvjw: Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 32022-05-01
CVEList
CVE-2007-2581: Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 32007-05-09

💥Exploits & PoCs

1
Exploit-DB
Microsoft SharePoint Server 3.0 - Cross-Site Scripting2007-05-04
CVE-2007-2581 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io