Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 09/10/2012 Updated: 12/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote malicious users to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft office communicator 2007
microsoft lync 2010
microsoft office web apps 2010
microsoft sharepoint server 2007
microsoft infopath 2007
microsoft infopath 2010
microsoft groove server 2010
microsoft sharepoint services 3.0
microsoft sharepoint foundation 2010
microsoft sharepoint server 2010

CWE-79 http://www.us-cert.gov/cas/techalerts/TA12-283A.html http://www.securitytracker.com/id?1027627 http://www.securitytracker.com/id?1027629 http://www.securitytracker.com/id?1027628 http://www.securitytracker.com/id?1027625 http://www.securityfocus.com/bid/55797 http://www.securitytracker.com/id?1027626 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-2520

Vulnerability Summary

References

Vulmon Search

About

Products

Connect