CVE-2010-0817

CVE Database · CVE-2010-0817

CVE-2010-0817

· N/AModified

CVSS v3.1

N/A

EPSS

28.71%

Published

Apr 29, 2010

Modified

Apr 28, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft SharePoint Server 2007 - Cross-Site Scripting TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.

Weaknesses (CWE)

CWE-79

Affected Products (5)

microsoft · sharepoint_servervulnerable

microsoft · sharepoint_servicesvulnerable

References (10)

http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html

Exploit

http://www.securityfocus.com/archive/1/511021/100/0/threaded

http://www.us-cert.gov/cas/techalerts/TA10-159B.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039