PT-2010-1166 · Microsoft · Sharepoint Services 3.0
Published: 2010-04-29 · Updated: 2018-10-12 · CVE-2010-0817
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft SharePoint Server 2007 versions 12.0.0.6421 and earlier
Microsoft SharePoint Services 3.0 SP1 and SP2
Description
The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter of the layouts/help.aspx page. The vulnerability stems from a failure to protect the web page structure, which lets remote attackers perform cross-site scripting attacks.
Recommendations
For Microsoft SharePoint Server 2007 versions 12.0.0.6421 and earlier, consider restricting access to the layouts/help.aspx page until a fix is available.
For Microsoft SharePoint Services 3.0 SP1 and SP2, avoid using the cid0 parameter in the affected page to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Sharepoint Server 2007
Sharepoint Services 3.0
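
While access to layouts/help.aspx is being restricted, web server logs can be reviewed for requests that pass unexpected cid0 values. The following is an added example, not part of the original advisory or any vendor tooling: it assumes IIS W3C extended logs with a #Fields header and assumes that a legitimate cid0 value is a plain identifier; the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumption: a legitimate cid0 value is a plain identifier (letters, digits, . _ -).
SAFE_CID0 = re.compile(r"[A-Za-z0-9._-]*")
PAGE_SUFFIX = "layouts/help.aspx"  # page named in the advisory

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (client_ip, decoded cid0) for help.aspx hits with an unexpected cid0."""
    fields, hits = [], []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith(PAGE_SUFFIX):
            continue
        # parse_qsl does the first round of decoding; blank values are kept.
        query = row.get("cs-uri-query", "")
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "cid0":
                decoded = fully_decode(value)
                if not SAFE_CID0.fullmatch(decoded):
                    hits.append((row.get("c-ip", "?"), decoded))
    return hits

# Constructed sample log (W3C extended format), not taken from a real server.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2010-05-01 10:00:01 192.0.2.10 GET /_layouts/help.aspx cid0=Help.Topic-01&tid=a 200
2010-05-01 10:00:07 192.0.2.55 GET /_layouts/help.aspx cid0=%3Cx%3E&tid=a 200
2010-05-01 10:00:09 192.0.2.56 GET /_layouts/help.aspx cid0=%253Cx%253E 200
2010-05-01 10:00:12 192.0.2.10 GET /_layouts/settings.aspx cid0=%3Cx%3E 200
""".splitlines()

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}: unexpected cid0 value {value!r}")
```

The allowlist is deliberately strict, so tune SAFE_CID0 against the cid0 values your own help links actually generate before alerting on it.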