CVE-2013-1289

Currently unrated

Key Information:

Vendor
Microsoft
Status
Groove Server
Infopath
Sharepoint Server
Office Web Apps
Vendor
CVE Published:
9 April 2013

Summary

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

References

http://www.us-cert.gov/ncas/alerts/TA13-100A
third-party-advisoryx_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

84% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.