Check Point Reference: | CPAI-2011-117 |
Date Published: | 13 Sep 2011 |
Severity: | High |
Last Updated: | Saturday 01 January, 2011 |
Source: | Microsoft Security Bulletin MS11-074 |
Industry Reference: | CVE-2011-1891 |
Protection Provided by: | |
Who is Vulnerable? | SharePoint Server 2010 |
Vulnerability Description | Multiple cross-site scripting vulnerabilities have been reported in Microsoft SharePoint Server. A remote attacker could exploit these vulnerabilities to execute a cross-site scripting attack that could allow him to issue commands in an affected SharePoint server. |
Update/Patch Avaliable | Microsoft Security Bulletin MS11-074 |
Vulnerability Details | The vulnerabilities are due to insufficient validation of user input by an affected SharePoint server. An attacker can exploit these vulnerabilities by convincing unsuspecting users to open a specially crafted website. Successful exploitation will allow an attacker to issue SharePoint commands in an affected server, in the security context of the logged in user. |