CVE-2013-1289

EXPLOITED

Microsoft SharePoint <2010 SP1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

References (3)

[US Government Resource] http://www.us-cert.gov/ncas/alerts/TA13-100A

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035

Scores

EPSS 0.4496

EPSS Percentile 97.5%

Details

VulnCheck KEV 2013-04-09

CWE

CWE-79

Status published

Products (7)

microsoft/groove_server

microsoft/infopath

microsoft/office_web_apps

microsoft/sharepoint_foundation

microsoft/sharepoint_server

n/a/n/a

Published Apr 09, 2013

Tracked Since Feb 18, 2026