CVE-2010-0716 - OpenCVE

_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Sharepoint Server

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:sharepoint_server::sp2::::::*
	cpe:2.3:a:microsoft:sharepoint_server:2007:::::::*
	cpe:2.3:a:microsoft:sharepoint_server:2007:sp1::::::

No data.

References

Link	Providers
http://www.hacktics.com/content/advisories/AdvMS20100222.html
http://www.securityfocus.com/archive/1/509683/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/56597

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-02-26T19:00:00

Updated: 2024-08-07T00:59:39.022Z

Reserved: 2010-02-26T00:00:00

Link: CVE-2010-0716

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-02-26T19:30:00.807

Modified: 2018-10-10T19:53:27.857

Link: CVE-2010-0716

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-02-22T00:00:00", "descriptions": [{"lang": "en", "value": "_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "sharepoint-aspx-xss(56597)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56597"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hacktics.com/content/advisories/AdvMS20100222.html"}, {"name": "20100222 Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/509683/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0716", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "sharepoint-aspx-xss(56597)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56597"}, {"name": "http://www.hacktics.com/content/advisories/AdvMS20100222.html", "refsource": "MISC", "url": "http://www.hacktics.com/content/advisories/AdvMS20100222.html"}, {"name": "20100222 Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509683/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:59:39.022Z"}, "title": "CVE Program Container", "references": [{"name": "sharepoint-aspx-xss(56597)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56597"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.hacktics.com/content/advisories/AdvMS20100222.html"}, {"name": "20100222 Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/509683/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0716", "datePublished": "2010-02-26T19:00:00", "dateReserved": "2010-02-26T00:00:00", "dateUpdated": "2024-08-07T00:59:39.022Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "684DF2AD-1436-4976-8DF1-1B5D7162E8D9", "versionEndIncluding": "2007", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:*:*:*:*:*:*:*", "matchCriteriaId": "864B622E-B522-4791-AC82-0711130544BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "CF3C2971-447B-4054-86C6-3169B82E525B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed."}, {"lang": "es", "value": "_layouts/Upload.aspx en el modulo \"Documents\" en Microsoft SharePoint anteriores a 2010 usa URLs con el mismo nombre de servidor y n\u00famero de puerto para ficheros principales del sitio y los subidos por usuarios individuales (tambi\u00e9n conocidos como adjuntados), lo que permite a usuarios remotos autenticados fortalecer las relaciones del mismo origen y conducir ataques de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) subiendo ficheros TXT, relacionado con CVE-2008-5026. NOTA: el desarrollador ha disputado la importancia de este vulnerabilidad debido a que se puede aislar el dominio cruzado cuando se necesite."}], "id": "CVE-2010-0716", "lastModified": "2018-10-10T19:53:27.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-02-26T19:30:00.807", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.hacktics.com/content/advisories/AdvMS20100222.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/509683/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56597"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}