Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote malicious users to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft internet_explorer 7 |
||
microsoft internet_explorer 8 |
This month’s patch Tuesday is a sizable one by any standards, following the quiet Tuesday that my colleague Roel Schouwenberg described last month. Microsoft is patching a total of 34 vulnerabilities in 16 bulletins, MS11-038 through MS11-051. At least eight different Microsoft product lines are updated, and Adobe is coordinating release of Reader, Acrobat, Shockwave and Flash updates as well today. So we are looking at patching the following programs: Microsoft Windows, Microsoft Office, Inte...