CVE-2007-2581 (GCVE-0-2007-2581)
Vulnerability from cvelistv5
Published
2007-05-09 21:00
Modified
2024-08-07 13:42
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
References
cve@mitre.org http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html
cve@mitre.org http://osvdb.org/37630
cve@mitre.org http://secunia.com/advisories/27148 Vendor Advisory
cve@mitre.org http://securityreason.com/securityalert/2682
cve@mitre.org http://securitytracker.com/id?1018789
cve@mitre.org http://www.securityfocus.com/archive/1/467738/100/0/threaded
cve@mitre.org http://www.securityfocus.com/archive/1/467749/100/0/threaded
cve@mitre.org http://www.securityfocus.com/archive/1/482366/100/0/threaded
cve@mitre.org http://www.securityfocus.com/archive/1/482366/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/23832
cve@mitre.org http://www.us-cert.gov/cas/techalerts/TA07-282A.html US Government Resource
cve@mitre.org http://www.vupen.com/english/advisories/2007/3439 Vendor Advisory
cve@mitre.org https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/34343
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2286
af854a3a-2127-422b-91ae-364da2661108 http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/37630
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/27148 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securityreason.com/securityalert/2682
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1018789
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/467738/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/467749/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/482366/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/482366/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/23832
af854a3a-2127-422b-91ae-364da2661108 http://www.us-cert.gov/cas/techalerts/TA07-282A.html US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/3439 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/34343
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2286
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:42:33.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:2286",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2286"
          },
          {
            "name": "23832",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23832"
          },
          {
            "name": "MS07-059",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059"
          },
          {
            "name": "1018789",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018789"
          },
          {
            "name": "20070513 Re: XSS in Microsoft SharePoint",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html"
          },
          {
            "name": "HPSBST02280",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
          },
          {
            "name": "SSRT071480",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
          },
          {
            "name": "37630",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37630"
          },
          {
            "name": "sharepoint-default-pathinfo-xss(34343)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34343"
          },
          {
            "name": "20070504 XSS in Microsoft SharePoint",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/467738/100/0/threaded"
          },
          {
            "name": "27148",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27148"
          },
          {
            "name": "ADV-2007-3439",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3439"
          },
          {
            "name": "2682",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2682"
          },
          {
            "name": "20070505 RE: XSS in Microsoft SharePoint",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/467749/100/0/threaded"
          },
          {
            "name": "TA07-282A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in \"every main page,\" as demonstrated by default.aspx."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:2286",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2286"
        },
        {
          "name": "23832",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23832"
        },
        {
          "name": "MS07-059",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059"
        },
        {
          "name": "1018789",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018789"
        },
        {
          "name": "20070513 Re: XSS in Microsoft SharePoint",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html"
        },
        {
          "name": "HPSBST02280",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
        },
        {
          "name": "SSRT071480",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
        },
        {
          "name": "37630",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37630"
        },
        {
          "name": "sharepoint-default-pathinfo-xss(34343)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34343"
        },
        {
          "name": "20070504 XSS in Microsoft SharePoint",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/467738/100/0/threaded"
        },
        {
          "name": "27148",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27148"
        },
        {
          "name": "ADV-2007-3439",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3439"
        },
        {
          "name": "2682",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2682"
        },
        {
          "name": "20070505 RE: XSS in Microsoft SharePoint",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/467749/100/0/threaded"
        },
        {
          "name": "TA07-282A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in \"every main page,\" as demonstrated by default.aspx."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:2286",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2286"
            },
            {
              "name": "23832",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23832"
            },
            {
              "name": "MS07-059",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059"
            },
            {
              "name": "1018789",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018789"
            },
            {
              "name": "20070513 Re: XSS in Microsoft SharePoint",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html"
            },
            {
              "name": "HPSBST02280",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
            },
            {
              "name": "SSRT071480",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
            },
            {
              "name": "37630",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37630"
            },
            {
              "name": "sharepoint-default-pathinfo-xss(34343)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34343"
            },
            {
              "name": "20070504 XSS in Microsoft SharePoint",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/467738/100/0/threaded"
            },
            {
              "name": "27148",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27148"
            },
            {
              "name": "ADV-2007-3439",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3439"
            },
            {
              "name": "2682",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2682"
            },
            {
              "name": "20070505 RE: XSS in Microsoft SharePoint",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/467749/100/0/threaded"
            },
            {
              "name": "TA07-282A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2581",
    "datePublished": "2007-05-09T21:00:00",
    "dateReserved": "2007-05-09T00:00:00",
    "dateUpdated": "2024-08-07T13:42:33.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2581\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-05-09T21:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in \\\"every main page,\\\" as demonstrated by default.aspx.\"},{\"lang\":\"es\",\"value\":\"Varias vulnerabilidades de tipo cross-site scripting (XSS) en Microsoft Windows SharePoint Services versi\u00f3n 3.0 para Windows Server 2003 y Office SharePoint Server 2007 permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del PATH_INFO (cadena de consulta) en \\\"every main page,\\\" como fue demostrado por default.aspx.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"864B622E-B522-4791-AC82-0711130544BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55C05DB1-03DC-454B-85E5-715938F0E13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_2003:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1C3E579-C133-4B54-8BCB-720AAD9EDD0F\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37630\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27148\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/2682\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1018789\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/467738/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/467749/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/482366/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/482366/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23832\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-282A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3439\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34343\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2286\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2007-05/0196.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/37630\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27148\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/2682\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1018789\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/467738/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/467749/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/482366/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/482366/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23832\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-282A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3439\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-059\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34343\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2286\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.