CVE-2012-1859

Microsoft Office Web Apps - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."

References (3)

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA12-192A.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050

Scores

EPSS 0.4134

EPSS Percentile 97.4%

Classification

CWE

CWE-79

Status published

Affected Products (7)

microsoft/office_web_apps

microsoft/office_web_apps

microsoft/sharepoint_foundation

microsoft/sharepoint_foundation

microsoft/sharepoint_server

microsoft/sharepoint_server

n/a/n/a

Timeline

Published Jul 10, 2012

Tracked Since Feb 18, 2026