CVE-2012-1859Cross-site Scripting in Microsoft Office WEB Apps

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
41.3%
top 2.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Office WEB AppsMicrosoft Sharepoint FoundationMicrosoft Sharepoint Server
Timeline
PublishedJul 10
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-44c7-2233-xwr4: Cross-site scripting (XSS) vulnerability in scriptresx2022-05-14
CVEList
CVE-2012-1859: Cross-site scripting (XSS) vulnerability in scriptresx2012-07-10
CVE-2012-1859 — Cross-site Scripting in Microsoft | cvebase