CVE-2010-0716
Description
_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting (XSS) in SharePoint Documents module via same-origin file upload by authenticated users.
Vulnerability
The _layouts/Upload.aspx endpoint in the Documents module of Microsoft SharePoint before 2010 uses the same hostname and port for primary website files and individual user uploads. This design allows remote authenticated users to exploit same-origin relationships by uploading a specially crafted TXT file, leading to cross-site scripting (XSS). The vulnerability affects all SharePoint versions prior to the 2010 release.
Exploitation
An attacker must be an authenticated user of the SharePoint site. No additional privileges or user interaction are required. The attacker uploads a malicious TXT file containing JavaScript code via the Upload.aspx page. When other users access the uploaded file, the script executes in the context of the SharePoint site.
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the browser of any user viewing the malicious file. This can lead to data theft, session hijacking, or defacement within the SharePoint site's security context.
Mitigation
Microsoft recommends upgrading to SharePoint 2010, which introduces cross-domain isolation to prevent this attack. The vendor disputes the severity, noting that organizations can implement additional cross-domain isolation measures. No official workaround or patch for earlier versions has been provided.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:microsoft:sharepoint_server:2007:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_server:*:sp2:*:*:*:*:*:* (range: <=2007)
- Range: <2010
Patches
No patches discovered yet.