CVE-2010-1257
Published 2010-06-08
medium · 4.3 · CVSS 3.1
AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | groove_server | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | office_infopath | — | — |
| microsoft | office_infopath | — | — |
| microsoft | sharepoint_foundation | — | — |
| microsoft | sharepoint_server | — | — |
| microsoft | sharepoint_services | — | — |
GHSA
GHSA-p4fm-mppm-v7m5: The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3
ghsa_unreviewed·2022-05-13·CVSS 4.3
CVE-2010-3324 [MEDIUM] CWE-79
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
GHSA
GHSA-f2pm-wfcp-596f: Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office ShareP
ghsa_unreviewed·2022-05-02
CVE-2010-1257 [MEDIUM] CWE-79
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.
No detection rules found.
No public exploits indexed.
Zscaler
Zscaler Provides Protection for 3 Microsoft Vulnerabilities
blogs_zscaler·CVSS 9.3
[CRITICAL] Zscaler Provides Protection for 3 Microsoft Vulnerabilities
Zscaler
Zscaler found Multiple Security Vulnerabilities | 06-08-2010
blogs_zscaler·CVSS 9.3
[CRITICAL] Zscaler found Multiple Security Vulnerabilities | 06-08-2010
http://support.avaya.com/css/P8/documents/100089747
http://www.securityfocus.com/bid/40409
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039
https://exchange.xforce.ibmcloud.com/vulnerabilities/58866
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677
Published 2010-06-08