cvelistv5 - CVE-2011-1893

CVE-2011-1893 (GCVE-0-2011-1893)

Vulnerability from cvelistv5 – Published: 2011-09-15 10:00 – Updated: 2024-08-06 22:46

Summary

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.us-cert.gov/cas/techalerts/TA11-256A.html	third-party-advisoryx_refsource_CERT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.833Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS11-074",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
          },
          {
            "name": "oval:org.mitre.oval:def:12676",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676"
          },
          {
            "name": "TA11-256A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS11-074",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
        },
        {
          "name": "oval:org.mitre.oval:def:12676",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676"
        },
        {
          "name": "TA11-256A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1893",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS11-074",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
            },
            {
              "name": "oval:org.mitre.oval:def:12676",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676"
            },
            {
              "name": "TA11-256A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-1893",
    "datePublished": "2011-09-15T10:00:00",
    "dateReserved": "2011-05-04T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35DF86AB-DCB4-496C-84EF-720E90BFA368\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"858F70F4-3128-477D-ACAA-73F0AFA23A2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*\", \"matchCriteriaId\": \"CF40F903-0026-4673-89A3-6F889D877E2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"376C9A84-74B1-4717-B88E-153ADD7D686D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \\\"SharePoint XSS Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ejecuci\\u00f3n de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 y 3.0 SP2, y SharePoint Server 2010 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\\u00e9s de la URI. Problema tambi\\u00e9n conocido como \\\"Vulnerabilidad XSS de SharePoint.\\\"\"}]",
      "id": "CVE-2011-1893",
      "lastModified": "2024-11-21T01:27:15.783",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-09-15T12:26:48.697",
      "references": "[{\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-256A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-256A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1893\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2011-09-15T12:26:48.697\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \\\"SharePoint XSS Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 y 3.0 SP2, y SharePoint Server 2010 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la URI. Problema tambi\u00e9n conocido como \\\"Vulnerabilidad XSS de SharePoint.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35DF86AB-DCB4-496C-84EF-720E90BFA368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"858F70F4-3128-477D-ACAA-73F0AFA23A2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*\",\"matchCriteriaId\":\"CF40F903-0026-4673-89A3-6F889D877E2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"376C9A84-74B1-4717-B88E-153ADD7D686D\"}]}]}],\"references\":[{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-256A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-256A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-FQ96-CMP6-CVXQ

Vulnerability from github – Published: 2022-05-14 02:35 – Updated: 2022-05-14 02:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1893"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-09-15T12:26:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\"",
  "id": "GHSA-fq96-cmp6-cvxq",
  "modified": "2022-05-14T02:35:50Z",
  "published": "2022-05-14T02:35:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1893"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2011-AVI-514

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft SharePoint permettent à une personne malintentionnée d'élever ses privilèges sur le système.

Description

Plusieurs vulnérabilités dans Microsoft SharePoint ont été découvertes :

une vulnérabilité de type injection de code indirecte permet à une personne malintentionnée de porter atteinte à la confidentialité des données ou d'élever ses privilèges sur le système vulnérable via une adresse réticulaire spécialement conçue contenant du JavaScript (CVE-2011-0653) ;
une erreur dans la fonction SafeHTML permet d'effectuer une injection de code indirecte (CVE-2011-1252) ;
une injection de code JavaScript malveillant est possible via un site Web spécialement conçu. L'exploitation de cette vulnérabilité permet une injection de code indirecte, une atteinte à la confidentialité des données et une élevation de privilèges (CVE-2011-1890) ;
une injection de code indirecte est possible via une vulnérabilité non détaillée (CVE-2011-1891) ;
une atteinte à la confidentialité des données est possible via un fichier XML spécialement conçu (CVE-2011-1892) ;
une injection de code JavaScript encodé dans une adresse réticulaire spécialement conçue permet à une personne malintentionnée de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système (CVE-2011-1893).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office Groove Management Server 2007 Service Pack 2 ;
Microsoft	N/A	Microsoft SharePoint Foundation 2010 ;
Microsoft	N/A	Microsoft Groove Server 2010 ;
Microsoft	N/A	Microsoft SharePoint Workspace 2010 Service Pack 1 (32 bits et 64 bits) ;
Microsoft	Office	Microsoft Office SharePoint Server 2010 ;
Microsoft	Windows	Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32 bits et 64 bits) ;
Microsoft	Office	Microsoft Office Groove 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office Groove Data Bridge Server 2007 Service Pack 2 ;
Microsoft	N/A	Microsoft SharePoint Foundation 2010 Service Pack 1 ;
Microsoft	Office	Microsoft Office Web Apps 2010 Service Pack 1.
Microsoft	Office	Microsoft Office Web Apps 2010 ;
Microsoft	Office	Microsoft Office SharePoint Server 2010 Service Pack 1 ;
Microsoft	Office	Microsoft Office SharePoint Server 2007 Service Pack 2 (32 bits et 64 bits) ;
Microsoft	Office	Microsoft Office Forms Server 2007 Service Pack 2 (32 bits et 64 bits) ;
Microsoft	N/A	Microsoft Groove Server 2010 Service Pack 1 ;
Microsoft	Windows	Microsoft Windows SharePoint Services 2.0 ;
Microsoft	N/A	Microsoft SharePoint Workspace 2010 (32 bits et 64 bits) ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsost MS11-074 du 13 septembre 2011	None	vendor-advisory
Bulletin de sécurité Microsoft MS11-074 du 13 septembre 2011 :	-	other
Bulletin de sécurité Microsoft MS11-074 du 13 septembre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office Groove Management Server 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Foundation 2010 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Groove Server 2010 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Workspace 2010 Service Pack 1 (32 bits et 64 bits) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office SharePoint Server 2010 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32 bits et 64 bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Groove 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Groove Data Bridge Server 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Foundation 2010 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2010 Service Pack 1.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2010 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office SharePoint Server 2010 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office SharePoint Server 2007 Service Pack 2 (32 bits et 64 bits) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Forms Server 2007 Service Pack 2 (32 bits et 64 bits) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Groove Server 2010 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows SharePoint Services 2.0 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Workspace 2010 (32 bits et 64 bits) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans Microsoft SharePoint ont \u00e9t\u00e9 d\u00e9couvertes :\n\n-   une vuln\u00e9rabilit\u00e9 de type injection de code indirecte permet \u00e0 une\n    personne malintentionn\u00e9e de porter atteinte \u00e0 la confidentialit\u00e9 des\n    donn\u00e9es ou d\u0027\u00e9lever ses privil\u00e8ges sur le syst\u00e8me vuln\u00e9rable via une\n    adresse r\u00e9ticulaire sp\u00e9cialement con\u00e7ue contenant du JavaScript\n    (CVE-2011-0653) ;\n-   une erreur dans la fonction SafeHTML permet d\u0027effectuer une\n    injection de code indirecte (CVE-2011-1252) ;\n-   une injection de code JavaScript malveillant est possible via un\n    site Web sp\u00e9cialement con\u00e7u. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    permet une injection de code indirecte, une atteinte \u00e0 la\n    confidentialit\u00e9 des donn\u00e9es et une \u00e9levation de privil\u00e8ges\n    (CVE-2011-1890) ;\n-   une injection de code indirecte est possible via une vuln\u00e9rabilit\u00e9\n    non d\u00e9taill\u00e9e (CVE-2011-1891) ;\n-   une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es est possible via un\n    fichier XML sp\u00e9cialement con\u00e7u (CVE-2011-1892) ;\n-   une injection de code JavaScript encod\u00e9 dans une adresse r\u00e9ticulaire\n    sp\u00e9cialement con\u00e7ue permet \u00e0 une personne malintentionn\u00e9e de porter\n    atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et d\u0027\u00e9lever ses privil\u00e8ges\n    sur le syst\u00e8me (CVE-2011-1893).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1890"
    },
    {
      "name": "CVE-2011-1892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1892"
    },
    {
      "name": "CVE-2011-0653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0653"
    },
    {
      "name": "CVE-2011-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1891"
    },
    {
      "name": "CVE-2011-1252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1252"
    },
    {
      "name": "CVE-2011-1893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1893"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-074 du 13 septembre    2011 :",
      "url": "http://technet.microsoft.com/fr-fr/security/bulletin/MS11-074"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-074 du 13 septembre    2011 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-074.mspx"
    }
  ],
  "reference": "CERTA-2011-AVI-514",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft SharePoint permettent \u00e0 une\npersonne malintentionn\u00e9e d\u0027\u00e9lever ses privil\u00e8ges sur le syst\u00e8me.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft SharePoint",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsost MS11-074 du 13 septembre 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-514

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft SharePoint permettent à une personne malintentionnée d'élever ses privilèges sur le système.

Description

Plusieurs vulnérabilités dans Microsoft SharePoint ont été découvertes :

une vulnérabilité de type injection de code indirecte permet à une personne malintentionnée de porter atteinte à la confidentialité des données ou d'élever ses privilèges sur le système vulnérable via une adresse réticulaire spécialement conçue contenant du JavaScript (CVE-2011-0653) ;
une erreur dans la fonction SafeHTML permet d'effectuer une injection de code indirecte (CVE-2011-1252) ;
une injection de code JavaScript malveillant est possible via un site Web spécialement conçu. L'exploitation de cette vulnérabilité permet une injection de code indirecte, une atteinte à la confidentialité des données et une élevation de privilèges (CVE-2011-1890) ;
une injection de code indirecte est possible via une vulnérabilité non détaillée (CVE-2011-1891) ;
une atteinte à la confidentialité des données est possible via un fichier XML spécialement conçu (CVE-2011-1892) ;
une injection de code JavaScript encodé dans une adresse réticulaire spécialement conçue permet à une personne malintentionnée de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système (CVE-2011-1893).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office Groove Management Server 2007 Service Pack 2 ;
Microsoft	N/A	Microsoft SharePoint Foundation 2010 ;
Microsoft	N/A	Microsoft Groove Server 2010 ;
Microsoft	N/A	Microsoft SharePoint Workspace 2010 Service Pack 1 (32 bits et 64 bits) ;
Microsoft	Office	Microsoft Office SharePoint Server 2010 ;
Microsoft	Windows	Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32 bits et 64 bits) ;
Microsoft	Office	Microsoft Office Groove 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office Groove Data Bridge Server 2007 Service Pack 2 ;
Microsoft	N/A	Microsoft SharePoint Foundation 2010 Service Pack 1 ;
Microsoft	Office	Microsoft Office Web Apps 2010 Service Pack 1.
Microsoft	Office	Microsoft Office Web Apps 2010 ;
Microsoft	Office	Microsoft Office SharePoint Server 2010 Service Pack 1 ;
Microsoft	Office	Microsoft Office SharePoint Server 2007 Service Pack 2 (32 bits et 64 bits) ;
Microsoft	Office	Microsoft Office Forms Server 2007 Service Pack 2 (32 bits et 64 bits) ;
Microsoft	N/A	Microsoft Groove Server 2010 Service Pack 1 ;
Microsoft	Windows	Microsoft Windows SharePoint Services 2.0 ;
Microsoft	N/A	Microsoft SharePoint Workspace 2010 (32 bits et 64 bits) ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsost MS11-074 du 13 septembre 2011	None	vendor-advisory
Bulletin de sécurité Microsoft MS11-074 du 13 septembre 2011 :	-	other
Bulletin de sécurité Microsoft MS11-074 du 13 septembre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office Groove Management Server 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Foundation 2010 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Groove Server 2010 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Workspace 2010 Service Pack 1 (32 bits et 64 bits) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office SharePoint Server 2010 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32 bits et 64 bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Groove 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Groove Data Bridge Server 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Foundation 2010 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2010 Service Pack 1.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2010 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office SharePoint Server 2010 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office SharePoint Server 2007 Service Pack 2 (32 bits et 64 bits) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Forms Server 2007 Service Pack 2 (32 bits et 64 bits) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Groove Server 2010 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows SharePoint Services 2.0 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Workspace 2010 (32 bits et 64 bits) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans Microsoft SharePoint ont \u00e9t\u00e9 d\u00e9couvertes :\n\n-   une vuln\u00e9rabilit\u00e9 de type injection de code indirecte permet \u00e0 une\n    personne malintentionn\u00e9e de porter atteinte \u00e0 la confidentialit\u00e9 des\n    donn\u00e9es ou d\u0027\u00e9lever ses privil\u00e8ges sur le syst\u00e8me vuln\u00e9rable via une\n    adresse r\u00e9ticulaire sp\u00e9cialement con\u00e7ue contenant du JavaScript\n    (CVE-2011-0653) ;\n-   une erreur dans la fonction SafeHTML permet d\u0027effectuer une\n    injection de code indirecte (CVE-2011-1252) ;\n-   une injection de code JavaScript malveillant est possible via un\n    site Web sp\u00e9cialement con\u00e7u. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    permet une injection de code indirecte, une atteinte \u00e0 la\n    confidentialit\u00e9 des donn\u00e9es et une \u00e9levation de privil\u00e8ges\n    (CVE-2011-1890) ;\n-   une injection de code indirecte est possible via une vuln\u00e9rabilit\u00e9\n    non d\u00e9taill\u00e9e (CVE-2011-1891) ;\n-   une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es est possible via un\n    fichier XML sp\u00e9cialement con\u00e7u (CVE-2011-1892) ;\n-   une injection de code JavaScript encod\u00e9 dans une adresse r\u00e9ticulaire\n    sp\u00e9cialement con\u00e7ue permet \u00e0 une personne malintentionn\u00e9e de porter\n    atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et d\u0027\u00e9lever ses privil\u00e8ges\n    sur le syst\u00e8me (CVE-2011-1893).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1890"
    },
    {
      "name": "CVE-2011-1892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1892"
    },
    {
      "name": "CVE-2011-0653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0653"
    },
    {
      "name": "CVE-2011-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1891"
    },
    {
      "name": "CVE-2011-1252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1252"
    },
    {
      "name": "CVE-2011-1893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1893"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-074 du 13 septembre    2011 :",
      "url": "http://technet.microsoft.com/fr-fr/security/bulletin/MS11-074"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-074 du 13 septembre    2011 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-074.mspx"
    }
  ],
  "reference": "CERTA-2011-AVI-514",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft SharePoint permettent \u00e0 une\npersonne malintentionn\u00e9e d\u0027\u00e9lever ses privil\u00e8ges sur le syst\u00e8me.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft SharePoint",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsost MS11-074 du 13 septembre 2011",
      "url": null
    }
  ]
}

FKIE_CVE-2011-1893

Vulnerability from fkie_nvd - Published: 2011-09-15 12:26 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA11-256A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA11-256A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676

Impacted products

Vendor	Product	Version
microsoft	sharepoint_foundation	2010
microsoft	sharepoint_server	2010
microsoft	sharepoint_services	2.0
microsoft	sharepoint_services	3.0
microsoft	sharepoint_services	3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "35DF86AB-DCB4-496C-84EF-720E90BFA368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "858F70F4-3128-477D-ACAA-73F0AFA23A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "CF40F903-0026-4673-89A3-6F889D877E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "376C9A84-74B1-4717-B88E-153ADD7D686D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 y 3.0 SP2, y SharePoint Server 2010 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la URI. Problema tambi\u00e9n conocido como \"Vulnerabilidad XSS de SharePoint.\""
    }
  ],
  "id": "CVE-2011-1893",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-09-15T12:26:48.697",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-1893

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1893

Aliases

CVE-2011-1893

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1893",
    "description": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\"",
    "id": "GSD-2011-1893"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1893"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\"",
      "id": "GSD-2011-1893",
      "modified": "2023-12-13T01:19:07.565274Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2011-1893",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MS11-074",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
          },
          {
            "name": "oval:org.mitre.oval:def:12676",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676"
          },
          {
            "name": "TA11-256A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1893"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA11-256A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12676",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676"
            },
            {
              "name": "MS11-074",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T22:01Z",
      "publishedDate": "2011-09-15T12:26Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1893 (GCVE-0-2011-1893)

GHSA-FQ96-CMP6-CVXQ

CERTA-2011-AVI-514

Description

Solution

CERTA-2011-AVI-514

Description

Solution

FKIE_CVE-2011-1893

GSD-2011-1893

Tags

Sightings

Nomenclature