Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0817

Severity
4.3 MEDIUM
EPSS
55.3%
top 1.93%
CISA KEV
Not in KEV
Exploit
PoC available
Timeline
Published: Apr 29
Latest update: May 2

Description

Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 2 packages

🔴Vulnerability Details

3
GHSA
GHSA-xj8q-vqrm-hvqr: Cross-site scripting (XSS) vulnerability in _layouts/help (2022-05-02)
CVEList
CVE-2010-0817: Cross-site scripting (XSS) vulnerability in _layouts/help (2010-04-29)
VulnCheck
Microsoft SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (2010)

💥Exploits & PoCs

1
Exploit-DB
Microsoft SharePoint Server 2007 - Cross-Site Scripting (2010-04-29)

🔍Detection Rules

1
Suricata
ET WEB_SERVER Microsoft SharePoint Server 2007 _layouts/help.aspx Cross Site Scripting Attempt (2010-07-30)