CVE-2011-1893

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
microsoftsharepoint_services
2.0
microsoftsharepoint_services
3.0:sp2
microsoftsharepoint_services
3.0:sp2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676