Multiple vulnerabilities have been reported in Microsoft SharePoint, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting and spoofing attacks.
1) Certain input is not properly sanitised in the "SafeHTML" API before being returned to the user.
For more information see vulnerability #2:
SA49412
2) Certain unspecified input is not properly sanitised in scriptresx.ashx before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) An error when validating search scope permissions can be exploited to view or modify another user's search scope.
4) Certain unspecified input associated with a username is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
5) Certain unspecified input associated with a URL is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
6) Certain unspecified input associated with a reflected list parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Vulnerable Products
Vulnerable Software: Microsoft Office SharePoint Server 2007Microsoft Office Web AppsMicrosoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Microsoft Windows SharePoint Services 2.xMicrosoft Windows SharePoint Services 3.x
