VYPR
Unrated severityNVD Advisory· Published Nov 10, 2008· Updated Jun 16, 2026

CVE-2008-5026

CVE-2008-5026

Description

Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents.

Affected products

2
  • cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.