Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3324

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.3MEDIUM

EPSS

26.4%

top 3.68%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Groove Server Microsoft Internet Explorer Microsoft Sharepoint Foundation +2 more

Timeline

PublishedSep 17

Latest updateMay 13

Description

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-125…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶NVDmicrosoft/sharepoint_server2007

▶NVDmicrosoft/sharepoint_services3.0

▶NVDmicrosoft/sharepoint_foundation2010

▶NVDmicrosoft/groove_server2010

▶NVDmicrosoft/internet_explorer8

🔴Vulnerability Details

GHSA

GHSA-p4fm-mppm-v7m5: The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3↗2022-05-13

▶

CVEList

CVE-2010-3324: The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3↗2010-09-17

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass↗2010-08-16

▶