漏洞类别:Office Application
漏洞等级: 
漏洞信息
A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server.(CVE-2017-8654) This security updates contain following KBs:
KB2956077
Affected Version:
Service Pack 2 for Microsoft SharePoint Server 2010. QID Detection Logic (Authenticated):
This QID checks for the file version of Microsoft.Office.Server.Search.dll
漏洞危害
An attacker who successfully exploited the vulnerability could perform cross-site scripting attacks on affected systems and run script in the security context of the current user.
解决方案
Customers are advised to refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论