HTTP: Microsoft SharePoint Server Parameter Injection Cross-Site Scripting

This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint. Attackers can potentially inject javascript allowing the attacker to issue commands in the context of the SharePoint server.

Extended Description

Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."

Affected Products

Microsoft sharepoint_server

References

BugTraq: 62800

CVE: CVE-2013-3895

Short Name
HTTP:XSS:MS-SHAREPOINT-PARAM
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2013-3895 Cross-Site Injection Microsoft Parameter Scripting Server SharePoint bid:62800
Release Date
11/26/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Microsoft

CVSS Score

6.8

Found a potential security threat?