XSS in Microsoft Internet_explorer
CVE-2010-1257
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.369 (97.2th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Internet_explorer — versions 8
- Microsoft Office_infopath — versions 2007, 2003
- Microsoft Sharepoint_server — versions 2007
- Microsoft Sharepoint_services — versions 3.0
- Microsoft Windows_2003_server
- Microsoft Windows_7
- Microsoft Windows_server_2008 — versions r2
- Microsoft Windows_vista
- Microsoft Windows_xp
- N/a — versions n/a
Weakness classification (CWE)
References
- secure@microsoft.com (x_refsource_CONFIRM)
- ie-tostatichtml-information-disclosure(58866) (vdb-entry, x_refsource_XF)
- MS10-039 (x_refsource_MS, vendor-advisory)
- 40409 (vdb-entry, x_refsource_BID)
- oval:org.mitre.oval:def:6677 (x_refsource_OVAL, signature, vdb-entry)
- MS10-035 (x_refsource_MS, vendor-advisory)
- TA10-159B (US Government Resource, x_refsource_CERT, third-party-advisory)