Unrated severityNVD Advisory· Published Apr 29, 2010· Updated Jun 16, 2026
CVE-2010-0817
CVE-2010-0817
Description
Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:microsoft:sharepoint_server:2007:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:microsoft:sharepoint_server:2007:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_services:3.0:sp1:x32:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_services:3.0:sp1:x64:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*
- (no CPE)range: <=12.0.0.6421
- Range: SP1, SP2
Patches
Vulnerability mechanics
References
5- www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.htmlnvdExploit
- www.us-cert.gov/cas/techalerts/TA10-159B.htmlnvdUS Government Resource
- www.securityfocus.com/archive/1/511021/100/0/threadednvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7468nvd
News mentions
0No linked articles in our index yet.