Cross-site Scripting Vulnerability in Microsoft SharePoint and Office Products
CVE-2013-1289

Currently unrated

Key Information:

Vendor: Microsoft
Status: Groove Server; Infopath; Sharepoint Server; Office Web Apps
Vendor: CVE Published:; 9 April 2013

Summary

The vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject malicious web scripts or HTML. This can result in unexpected behavior on the affected web applications and may compromise sensitive information. Proper input validation measures and regular updates are essential to mitigate such risks.

References

http://www.us-cert.gov/ncas/alerts/TA13-100A

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

61% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 9, 2013
Vulnerability Reserved
Jan 12, 2013