HTTP: Multiple Vendors XSS Cross Site Scripting

This signature detects attempts to exploit a known vulnerability against multiple vendors. A successful attack can lead to arbitrary code execution.

Extended Description

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

Affected Products

Microsoft office_web_apps

References

BugTraq: 58883

CVE: CVE-2017-6699

Short Name
HTTP:STC:HTML-XSS
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2013-1289 CVE-2017-6699 Cross Multiple Scripting Site Vendors XSS bid:58883
Release Date
04/08/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Rarely
Vendors

Microsoft

CVSS Score

4.3

Found a potential security threat?