Microsoft SharePoint Portal Server Unspecified Cross-Site Scripting Vulnerabilities

BID:10043

Info

Microsoft SharePoint Portal Server Unspecified Cross-Site Scripting Vulnerabilities

Bugtraq ID: 10043
Class: Input Validation Error
CVE: CVE-2004-0379
Remote: Yes
Local: No
Published: Apr 05 2004 12:00AM
Updated: Jul 12 2009 04:06AM
Credit: Discovery is credited to Ory Segal from Sanctum inc. <http://www.SanctumInc.com>.
Vulnerable: Microsoft SharePoint Portal Server 2001 SP2A
Microsoft SharePoint Portal Server 2001 SP2
Microsoft SharePoint Portal Server 2001 SP1
- Microsoft IIS 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft SharePoint Portal Server 2001
- Microsoft IIS 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Not Vulnerable: Microsoft SharePoint Portal Server 2001 SP3

Discussion

Microsoft SharePoint Portal Server Unspecified Cross-Site Scripting Vulnerabilities

It has been reported that SharePoint Portal Server may be affected by multiple unspecified cross-site scripting vulnerabilities that could allow an attacker to execute arbitrary HTML or script code in a victim user's browser. These issues allow for theft of cookie-based authentication credentials or other attacks.

Microsoft has released SharePoint Portal Server 2001 Service Pack 3 to address these issues. All prior versions of the server are assumed to be prone to these vulnerabilities. It is not known if later releases, such as Microsoft SharePoint Portal Server 2003, are affected by these issues.

Exploit / POC

Microsoft SharePoint Portal Server Unspecified Cross-Site Scripting Vulnerabilities

No exploit is required.

Solution / Fix

Microsoft SharePoint Portal Server Unspecified Cross-Site Scripting Vulnerabilities

Solution:
Microsoft has released SharePoint Portal Server 2001 Service Pack 3 to address these issues.


Microsoft SharePoint Portal Server 2001 SP1

Microsoft SharePoint Portal Server 2001 SP2A

Microsoft SharePoint Portal Server 2001

Microsoft SharePoint Portal Server 2001 SP2

References

Microsoft SharePoint Portal Server Unspecified Cross-Site Scripting Vulnerabilities

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report