CVE-2010-0716

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint versions prior to 2010

Description The issue allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading TXT files. This is due to the use of URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files in the layouts/Upload.aspx file of the Documents module. The vendor disputes the significance of this issue, citing the possibility of implementing cross-domain isolation when needed.

Recommendations For Microsoft SharePoint versions prior to 2010, consider restricting access to the layouts/Upload.aspx file in the Documents module to minimize the risk of exploitation. As a temporary workaround, consider disabling the upload of TXT files until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.