Skip navigation
Menu
Collaboration>File Sharing and Management

Cross-Site Scripting and Spoofing Attacks in Windows SharePoint Services and SharePoint Team Services

Reported February 8, 2005 by Microsoft

VERSIONS AFFECTED

  • Windows SharePoint Services for Windows Server 2003
  • SharePoint Team Services from Microsoft

Non-Affected Software:

  • Windows Server 2003 for Itanium-based systems
  • SharePoint Portal Server 2003 (all versions)
  • SharePoint Portal Server 2001 (all versions)

DESCRIPTION

The cross-site scripting vulnerability could allow an intruder to execute code in the security context of the currently logged on user.

A spoofing attack could take place because input provided to HTML redirection queries is not adequately validated before the input is sent to a user's Web browser.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS05-006, "Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)," and a patch to correct the problem.





TAGS: File Sharing and Management
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
universal print microsoft 365
Microsoft OneDrive Adds Universal Print Capability
Aug 17, 2021
Google Workspace Update Google Smart Canvas.jpg
Google Workspace Update Provides More Reasons to Shift from Microsoft
Jul 21, 2021
OKR systems.jpg
How to Evaluate OKR Systems
Jul 01, 2021
Entrepreneur working late on his computer
Digital Workplace Sessions Episode 1
Jun 25, 2021