CVE-2012-1863

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."

Published: Jul 10, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-1863
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
microsoft / sharepoint_services	3.0-sp2	3.0-sp2.x
microsoft / office_sharepoint_server	2007-sp3	2007-sp3.x
microsoft / sharepoint_server	2007-sp3	2007-sp3.x
microsoft / sharepoint_server	2007-sp2	2007-sp2.x
microsoft / office_sharepoint_server	2007-sp2	2007-sp2.x
microsoft / sharepoint_foundation	2010	2010.x
microsoft / sharepoint_foundation	2010-sp1	2010-sp1.x

http://www.us-cert.gov/cas/techalerts/TA12-192A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689

Vulnerability Database

289,599

CVE-2012-1863