CVE-2007-2581

Microsoft Windows SharePoint Services 3.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Solarius · textremotewindows

https://www.exploit-db.com/exploits/29951

View Code ZIP pw:eip

References (14)

Core 14

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2286

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/23832

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1018789

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html

Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp

http://www.securityfocus.com/archive/1/482366/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/37630

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/34343

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/467738/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27148

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3439

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/2682

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/467749/100/0/threaded

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA07-282A.html

Scores

EPSS 0.7547

EPSS Percentile 98.9%

Details

CWE

CWE-79

Status published

Products (3)

microsoft/sharepoint_server 2007

microsoft/sharepoint_services 3.0

microsoft/windows_2003

Published May 09, 2007

Tracked Since Feb 18, 2026