 
Bugtraq mailing list archives
Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001
From: Ory Segal <ory.segal () sanctuminc com>
Date: Mon, 05 Apr 2004 13:12:41 +0200
--[ Security Advisory --[ Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001 --[ Author: Ory Segal , Sanctum inc. http://www.SanctumInc.com --[ Release Date: April 5th. 2004 --[ Product: Microsoft SharePoint Portal Server 2001 --[ Severity: High --[ CVE: CAN-2004-0379 --[ Description From Microsoft's web site: "Microsoft SharePoint Portal Server provides an easy way to create Web portals with integrated document management services and search capabilities. You can establish a central point of access to all your existing key business information and applications, as well as share information across file servers, databases, public folders, Internet sites, and SharePoint Team Services-based Web sites." Sanctum inc. has discovered several Cross Site Scripting vulnerabilities in three scripts, which are a part of Microsoft SharePoint Portal server 2001. These vulnerabilities may lead to theft of cookies associated with the domain, or execution of client-side scripts in the user's browser. --[ Solution Microsoft has addressed these XSS issues in Service Pack 3 of Microsoft SharePoint Portal Server, which can be downloaded at: http://www.microsoft.com/downloads/details.aspx?FamilyId=15677A92-3470-465F-9F63-E621094103E0&displaylang=en --[ Greets Happy Passover!
Current thread:
- Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001 Ory Segal (Apr 05)


