CVE-2012-1861

Microsoft Office Web Apps - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."

References (3)

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA12-192A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544

Scores

EPSS 0.3888

EPSS Percentile 97.2%

Classification

CWE

CWE-79

Status published

Affected Products (7)

microsoft/office_web_apps

microsoft/office_web_apps

microsoft/sharepoint_foundation

microsoft/sharepoint_foundation

microsoft/sharepoint_server

microsoft/sharepoint_server

n/a/n/a

Timeline

Published Jul 10, 2012

Tracked Since Feb 18, 2026