• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft SharePoint Portal Server Unspecified Cross-Site Scripting Vulnerabilities

It has been reported that SharePoint Portal Server may be affected by multiple unspecified cross-site scripting vulnerabilities that could allow an attacker to execute arbitrary HTML or script code in a victim user's browser. These issues allow for theft of cookie-based authentication credentials or other attacks.

Microsoft has released SharePoint Portal Server 2001 Service Pack 3 to address these issues. All prior versions of the server are assumed to be prone to these vulnerabilities. It is not known if later releases, such as Microsoft SharePoint Portal Server 2003, are affected by these issues.