CVE-2010-0817
EXPLOITEDMicrosoft SharePoint Server 2007 <12.0.0.6421 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge SA · textwebappswindows
https://www.exploit-db.com/exploits/12450
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7468
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511021/100/0/threaded
Exploit x_refsource_misc
http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html
Scores
EPSS
0.5532
EPSS Percentile
98.1%
Details
VulnCheck KEV
2010-06-08
CWE
CWE-79
Status
published
Products (2)
microsoft/sharepoint_server
2007
microsoft/sharepoint_services
3.0 sp1 (4 CPE variants)
Published
Apr 29, 2010
Tracked Since
Feb 18, 2026