CVE-2012-1863
Summary
| CVE | CVE-2012-1863 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-07-10 21:55:00 UTC |
| Updated | 2018-10-12 22:02:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability." |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Office Sharepoint Server | 2007 | sp2 | x32 | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp2 | x64 | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp3 | x32 | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp3 | x64 | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp2 | x32 | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp2 | x64 | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp3 | x32 | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp3 | x64 | All |
| Application | Microsoft | Sharepoint Foundation | 2010 | All | All | All |
| Application | Microsoft | Sharepoint Foundation | 2010 | sp1 | All | All |
| Application | Microsoft | Sharepoint Foundation | 2010 | All | All | All |
| Application | Microsoft | Sharepoint Foundation | 2010 | sp1 | All | All |
| Application | Microsoft | Sharepoint Server | 2007 | sp2 | All | All |
| Application | Microsoft | Sharepoint Server | 2007 | sp3 | All | All |
| Application | Microsoft | Sharepoint Server | 2007 | sp2 | All | All |
| Application | Microsoft | Sharepoint Server | 2007 | sp3 | All | All |
| Application | Microsoft | Sharepoint Services | 3.0 | sp2 | x32 | All |
| Application | Microsoft | Sharepoint Services | 3.0 | sp2 | x64 | All |
| Application | Microsoft | Sharepoint Services | 3.0 | sp2 | x32 | All |
| Application | Microsoft | Sharepoint Services | 3.0 | sp2 | x64 | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| US-CERT Alert TA12-192A - Microsoft Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | US Government Resource |
| Microsoft Security Bulletin MS12-050 - Important | Microsoft Docs | MS | docs.microsoft.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.