XSS in Microsoft Groove_server

CVE-2012-2520

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Se…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.242 (96.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Groove_server — versions 2010
Microsoft Infopath — versions 2007, 2010
Microsoft Lync — versions 2010
Microsoft Office_communicator — versions 2007
Microsoft Office_web_apps — versions 2010
Microsoft Sharepoint_foundation — versions 2010
Microsoft Sharepoint_server — versions 2007, 2010
Microsoft Sharepoint_services — versions 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

55797 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
oval:org.mitre.oval:def:14976 (x_refsource_OVAL, signature, vdb-entry)
1027628 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
1027626 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
1027629 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
1027627 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
TA12-283A (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)
MS12-066 (x_refsource_MS, vendor-advisory)
1027625 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)