XSS in Microsoft Groove_server

CVE-2010-3324

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.264 (96.4th percentile) — read the EPSS interpretation.

Affected products

Microsoft Groove_server — versions 2010
Microsoft Internet_explorer — versions 8
Microsoft Sharepoint_foundation — versions 2010
Microsoft Sharepoint_server — versions 2007
Microsoft Sharepoint_services — versions 3.0
Microsoft Web_apps
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

secure@microsoft.com (Exploit, x_refsource_MISC)
MS10-071 (x_refsource_MS, vendor-advisory)
20100814 IE8 toStaticHtml Bypass (mailing-list, Exploit, x_refsource_FULLDISC)
oval:org.mitre.oval:def:7297 (x_refsource_OVAL, signature, vdb-entry)
MS10-072 (x_refsource_MS, vendor-advisory)
TA10-285A (US Government Resource, x_refsource_CERT, third-party-advisory)
secure@microsoft.com (x_refsource_CONFIRM)