
Test ID: 1.3.6.1.4.1.25623.1.0.800481
Category: Windows
Title: Microsoft SharePoint Cross Site Scripting Vulnerability
Summary: Microsoft SharePoint Server is prone to a cross-site scripting (XSS) vulnerability.
Description:

Vulnerability Insight:
The flaw is due to insufficient validation of user-supplied data
passed to the 'SourceUrl' and 'Source' parameters of 'download.aspx' in
SharePoint Team Services.

Vulnerability Impact:
Successful exploitation will allow remote authenticated users to leverage
same-origin relationships and conduct cross-site scripting attacks by
uploading TXT files.

Affected Software/OS:
Microsoft Office SharePoint Server 2007 12.0.0.6421 and prior.

Solution:
Upgrade to SharePoint Server 2010 or later.

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0716
Bugtraq: 20100222 Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal (Google Search)
http://www.securityfocus.com/archive/1/509683/100/0/threaded
http://www.hacktics.com/content/advisories/AdvMS20100222.html
XForce ISS Database: sharepoint-aspx-xss(56597)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56597
Copyright: Copyright (C) 2010 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.