Cross-site Scripting Vulnerability in Microsoft Office and SharePoint Products
CVE-2010-1257

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Infopath
Vendor: CVE Published:; 8 June 2010

Summary

A cross-site scripting vulnerability exists in the toStaticHTML API utilized by Microsoft Office InfoPath and SharePoint products. This vulnerability enables remote attackers to inject arbitrary web scripts or HTML through various vectors associated with inadequate input sanitization. A successful exploitation could lead to unauthorized access or manipulation of user data, potentially facilitating further attacks against affected systems. It is essential for users to implement the latest security patches and follow best practices for web application security to mitigate risks associated with this vulnerability.

References

http://support.avaya.com/css/P8/documents/100089747

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/58866

vdb-entryx_refsource_XF

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

44% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 8, 2010
Vulnerability Reserved
Apr 5, 2010