Unrated severityNVD Advisory· Published Sep 15, 2011· Updated Jun 16, 2026

CVE-2011-1890

Description

Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Microsoft/Sharepoint Foundation2 versions
cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*
- (no CPE)
Microsoft/Sharepoint Server
cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*
Microsoft/Office SharePoint Server 2007llm-fuzzy

Patches

Vulnerability mechanics

References

www.us-cert.gov/cas/techalerts/TA11-256A.htmlnvdUS Government Resource
docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.016
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000