Cross-Site Scripting Vulnerability in Windows SharePoint Services by Microsoft
CVE-2005-0049

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sharepoint Team Services; Sharepoint Portal Server
Vendor: CVE Published:; 2 May 2005

Summary

Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 has a flaw in the validation of HTTP redirection queries. This issue allows attackers to exploit the vulnerability by injecting arbitrary HTML and web scripts via cross-site scripting techniques or by spoofing the web cache. This could lead to unauthorized actions on behalf of users and expose sensitive data.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/19091

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/340409

third-party-advisoryx_refsource_CERT-VN

http://www.us-cert.gov/cas/techalerts/TA05-039A.html

third-party-advisoryx_refsource_CERT

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Jan 11, 2005