Bugtraq: Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001

From: Ory Segal <ory.segal () sanctuminc com>
Date: Mon, 05 Apr 2004 13:12:41 +0200


--[ Security Advisory

--[ Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server
   2001


--[ Author: Ory Segal , Sanctum inc. http://www.SanctumInc.com
--[ Release Date: April 5th. 2004
--[ Product: Microsoft SharePoint Portal Server 2001
--[ Severity: High
--[ CVE: CAN-2004-0379

--[ Description

From Microsoft's web site: "Microsoft SharePoint Portal Server
provides an easy way to create Web portals with integrated document
management services and search capabilities. You can establish a
central point of access to all your existing key business information
and applications, as well as share information across file servers,
databases, public folders, Internet sites, and SharePoint
Team Services-based Web sites."

Sanctum inc. has discovered several Cross Site Scripting
vulnerabilities in three scripts, which are a part of Microsoft
SharePoint Portal server 2001.

These vulnerabilities may lead to theft of cookies associated with the
domain, or execution of client-side scripts in the user's browser.

--[ Solution

Microsoft has addressed these XSS issues in Service Pack 3 of
Microsoft SharePoint Portal Server, which can be downloaded at:
http://www.microsoft.com/downloads/details.aspx?FamilyId=15677A92-3470-465F-9F63-E621094103E0&displaylang=en


--[ Greets

Happy Passover!

By Date By Thread

Current thread:

Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001 Ory Segal (Apr 05)