Published advisory · CVE-2012-0145

Microsoft SharePoint Server XSS in wizardlist.aspx Elevation of Privilege Vulnerability

Published Rocco Calvi
CVSS severity 4.3/ 10.0 · Medium

Vulnerability analysis

A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user’s browser, the resulting page could allow an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site.

Disclosure timeline

  1. Coordinated public release of advisory

References