Vulnerabilities > Microsoft > Sharepoint Services
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-09-15 | CVE-2011-1891 | Cross-Site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Services Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability." | 4.3 |
| 2010-09-17 | CVE-2010-3324 | Cross-Site Scripting vulnerability in Microsoft products The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257. | 4.3 |
| 2010-06-08 | CVE-2010-1264 | Remote Denial of Service vulnerability in Microsoft Sharepoint Services 3.0 Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability." | 4.0 |
| 2010-04-29 | CVE-2010-0817 | Cross-Site Scripting vulnerability in Microsoft Sharepoint Server and Sharepoint Services Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter. | 4.3 |
| 2007-05-09 | CVE-2007-2581 | Cross-Site Scripting vulnerability in Microsoft products Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. | 4.3 |
| 2004-01-20 | CVE-2003-0904 | Information Exposure vulnerability in Microsoft products Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. | 6.0 |