{"vuid":"VU#340409","idnumber":"340409","name":"Microsoft Windows SharePoint Services and SharePoint Team Services cross-site scripting vulnerabilities","keywords":["MS05-006","SharePoint","cross-site scripting","spoofing"],"overview":"Microsoft Windows SharePoint Services and SharePoint Team Services contain cross-site scripting vulnerabilities. These vulnerabilities could be exploited to execute arbitrary code in the security context of the affected user.","clean_desc":"Microsoft Windows SharePoint Services for Windows Server 2003 and SharePoint Team Services are used to create collaborative Web sites. Versions of Microsoft SharePoint software contain several cross-site scripting vulnerabilities caused by insufficient validation of data used as input to HTML redirection queries. The output of such queries may contain malicious script that if executed, could lead to arbitrary code of an attacker's choice being run in the security context of the affected user.","impact":"These vulnerabilities could be exploited to execute arbitrary code in the security context of the affected user. In addition, per  Microsoft Security Bulletin MS05-006: It may also be possible for an attacker to exploit this vulnerability to modify Web browser caches and intermediate proxy server caches, and put spoofed content in those caches.","resolution":"Apply a patch from the vendor Microsoft has published Microsoft Security Bulletin MS05-006 in response to this issue. Users are encouraged to review this bulletin and apply the patches it refers to.","workarounds":"","sysaffected":"","thanks":"Thanks to Microsoft for reporting this vulnerability in Microsoft Security Bulletin \nMS05-006","author":"This document was written by Jeffrey S. Havrilla.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","5","-","0","0","6",".","m","s","p","x"],"cveids":["CVE-2005-0049"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-02-08T19:38:43Z","publicdate":"2005-02-08T00:00:00Z","datefirstpublished":"2005-02-09T00:16:30Z","dateupdated":"2005-02-09T00:17:08Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"15","cam_population":"10","cam_impact":"18","cam_easeofexploitation":"8","cam_attackeraccessrequired":"16","cam_scorecurrent":"15.12","cam_scorecurrentwidelyknown":"15.12","cam_scorecurrentwidelyknownexploited":"23.76","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":15.12,"vulnote":null}