XSS in Microsoft Sharepoint_foundation

CVE-2011-1891

Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.479 (97.8th percentile) — read the EPSS interpretation.

Affected products

Microsoft Sharepoint_foundation — versions 2010
Microsoft Sharepoint_services — versions 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

oval:org.mitre.oval:def:12864 (x_refsource_OVAL, signature, vdb-entry)
MS11-074 (x_refsource_MS, vendor-advisory)
TA11-256A (US Government Resource, x_refsource_CERT, third-party-advisory)