Vulnerability Note VU#340409
Microsoft Windows SharePoint Services and SharePoint Team Services cross-site scripting vulnerabilities
Microsoft Windows SharePoint Services and SharePoint Team Services contain cross-site scripting vulnerabilities. These vulnerabilities could be exploited to execute arbitrary code in the security context of the affected user.
Microsoft Windows SharePoint Services for Windows Server 2003 and SharePoint Team Services are used to create collaborative Web sites. Versions of Microsoft SharePoint software contain several cross-site scripting vulnerabilities caused by insufficient validation of data used as input to HTML redirection queries. The output of such queries may contain malicious script that if executed, could lead to arbitrary code of an attacker's choice being run in the security context of the affected user.
These vulnerabilities could be exploited to execute arbitrary code in the security context of the affected user.
In addition, per Microsoft Security Bulletin MS05-006:
Apply a patch from the vendor
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||08 Feb 2005|
CVSS Metrics (Learn More)
Thanks to Microsoft for reporting this vulnerability in Microsoft Security Bulletin MS05-006.
This document was written by Jeffrey S. Havrilla.
- CVE IDs: CAN-2005-0049
- Date Public: 08 Feb 2005
- Date First Published: 08 Feb 2005
- Date Last Updated: 08 Feb 2005
- Severity Metric: 15.12
- Document Revision: 6
If you have feedback, comments, or additional information about this vulnerability, please send us email.