CVE-2010-0817

EXPLOITED

Microsoft SharePoint Server 2007 <12.0.0.6421 - XSS

Title source: llm

Exploitation Summary

CVE-2010-0817 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including High-Tech Bridge SA.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in Microsoft SharePoint Server 2007 via the '/_layouts/help.aspx' script, where the 'cid0' parameter fails to sanitize user input, allowing arbitrary JavaScript execution.

Description

Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge SA · textwebappswindows

https://www.exploit-db.com/exploits/12450

View Code ZIP pw:eip

This exploit demonstrates a reflected XSS vulnerability in Microsoft SharePoint Server 2007 via the '/_layouts/help.aspx' script, where the 'cid0' parameter fails to sanitize user input, allowing arbitrary JavaScript execution.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Microsoft SharePoint Server 2007 (12.0.0.6421 and prior)

No auth needed

Prerequisites: Access to the SharePoint Server instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA10-159B.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7468

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/511021/100/0/threaded

Exploit x_refsource_misc

http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html

Scores

EPSS 0.2871

EPSS Percentile 97.9%

Details

VulnCheck KEV 2010-06-08

CWE

CWE-79

Status published

Products (2)

microsoft/sharepoint_server 2007

microsoft/sharepoint_services 3.0 sp1 (4 CPE variants)

Published Apr 29, 2010

Tracked Since Feb 18, 2026