CVE-2012-1863

Microsoft Office Sharepoint Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."

References (3)

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA12-192A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689

Scores

EPSS 0.4134

EPSS Percentile 97.4%

Classification

CWE

CWE-79

Status published

Affected Products (11)

microsoft/office_sharepoint_server

microsoft/sharepoint_foundation

microsoft/sharepoint_server

microsoft/sharepoint_services

n/a/n/a

Timeline

Published Jul 10, 2012

Tracked Since Feb 18, 2026