NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2007-2581

Summary	Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
Publication Date	May 10, 2007, 6:19 a.m.
Registration Date	Jan. 29, 2021, 2:12 p.m.
Last Update	Oct. 17, 2018, 1:44 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:microsoft:sharepoint_server:2007:::::::*
cpe:2.3:a:microsoft:sharepoint_services:3.0:::::::*
cpe:2.3:a:microsoft:windows_2003::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html	BUGTRAQ
2	http://osvdb.org/37630	OSVDB
3	http://secunia.com/advisories/27148	SECUNIA	Vendor Advisory
4	http://securityreason.com/securityalert/2682	SREASON
5	http://securitytracker.com/id?1018789	SECTRACK
6	http://www.securityfocus.com/archive/1/467738/100/0/threaded	BUGTRAQ
7	http://www.securityfocus.com/archive/1/467749/100/0/threaded	BUGTRAQ
8	http://www.securityfocus.com/archive/1/482366/100/0/threaded	HP
9	http://www.securityfocus.com/bid/23832	BID
10	http://www.us-cert.gov/cas/techalerts/TA07-282A.html	CERT	US Government Resource
11	http://www.vupen.com/english/advisories/2007/3439	VUPEN	Vendor Advisory
12	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059	MS
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/34343	XF
14	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2286	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html