Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft SharePoint ' _layouts/Upload.aspx' 跨站脚本攻击漏洞
Vulnerability Description
Microsoft SharePoint的文档模块的_layouts/Upload.aspx中存在跨站脚本漏洞。使用带有相同主机名和端口号的URLs作为web站点主要文件和私人用户上传文件,允许远程认证用户改变同源关系以及导致TXT上传文件的跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A