Cross-Site Scripting Vulnerability in Microsoft InfoPath, Communicator, and SharePoint Products
CVE-2012-2520

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sharepoint Server; Lync; Groove Server; Office Communicator
Vendor: CVE Published:; 9 October 2012

Summary

A cross-site scripting (XSS) vulnerability exists in multiple Microsoft products, allowing remote attackers to inject arbitrary web scripts or HTML content through crafted input strings. This vulnerability affects various iterations of Microsoft InfoPath, Communicator, Lync, and SharePoint products, posing a significant risk to web application security by potentially compromising user sessions and executing malicious scripts within the user's browser.

References

http://www.securityfocus.com/bid/55797

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securitytracker.com/id?1027628

vdb-entryx_refsource_SECTRACK

EPSS Score

28% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 9, 2012
Vulnerability Reserved
May 9, 2012