CVE-2010-1257

Currently unrated

Key Information:

Vendor
Microsoft
Status
Office Infopath
Vendor
CVE Published:
8 June 2010

Summary

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.

References

http://support.avaya.com/css/P8/documents/100089747
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/58866
vdb-entryx_refsource_XF
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.