CVE-2011-1890

Microsoft Sharepoint Foundation - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."

References (3)

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA11-256A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788

Scores

EPSS 0.3459

EPSS Percentile 97.0%

Classification

CWE

CWE-79

Status published

Affected Products (3)

microsoft/sharepoint_foundation

microsoft/sharepoint_server

n/a/n/a

Timeline

Published Sep 15, 2011

Tracked Since Feb 18, 2026