DOM-based Cross Site Scripting Vulnerability in SharePoint 2007

  • Question

  • Hi, our security team gave the below vulnerability list for the SharePoint 2007 farm. Please let me know how to resolve it:

    ----------------------------------------Vulnerability 1--------------------------------------------------------------

    DOM-based Cross Site Scripting Vulnerability

    "In http://qa.worldoffice.com/_layouts/1033/EditingMenu.js?rev=t%2F%2FbsNSSIkhBdf5FIbzrwg%3D%3D
     * Line 135:Unsafe client output calling req.send() with tainted arg

     * Line 135:String concatenation with user-controlled value

     * Line 135:String concatenation with user-controlled value

     * Line 135:String concatenation with user-controlled value

     * Line 135:String concatenation with user-controlled value

     * Line 135:String concatenation with user-controlled value

     * Line 135:Result of taint-preserving function call on user-controlled value

     * Line 135:""document.URL.split..split..toLowerCase"" is controlled by the user"

    ----------------------------------------Vulnerability 2--------------------------------------------------------------

    DOM-based Cross Site Scripting Vulnerability

    "In http://qa.worldoffice.com/_layouts/1033/core.js?rev=mHKsOQ0iU3Q5jdm9OZNDdg%3D%3D
     * Line 4497:Unsafe client output setting document.cookie to tainted value

     * Line 4497:String concatenation with user-controlled value

     * Line 2899:Assignment of ""path"" to user-controlled value

     * Line 2899:String concatenation with user-controlled value

     * Line 2899:String concatenation with user-controlled value

     * Line 2899:String concatenation with user-controlled value

     * Line 2899:String concatenation with user-controlled value

     * Line 2899:String concatenation with user-controlled value

     * Line 2899:String concatenation with user-controlled value

     * Line 2899:String concatenation with user-controlled value

     * Line 2899:String concatenation with user-controlled value

     * Line 2882:Assignment of ""path"" to user-controlled value

     * Line 2882:String concatenation with user-controlled value

     * Line 2882:String concatenation with user-controlled value

     * Line 2882:String concatenation with user-controlled value

     * Line 2882:String concatenation with user-controlled value

     * Line 2882:String concatenation with user-controlled value

     * Line 2871:Initialization of ""source"" from user-controlled value

     * Line 2871:""window.location.href"" is controlled by the user"

    ----------------------------------------------Vulnerability 3------------------------------------------------------

    Cross Site Scripting Vulnerability

    "Injected into the ""d"" URL parameter (Using method GET) in http://www.worldoffice.ca/WebResource.axd?d=test by changing the URL to http://www.worldoffice.ca/WebResource.axd?d=\""><script>474877110


    1: <!DOCTYPE HTML PUBLIC ""-//IETF//DTD HTML 2.0//EN""> 2: <html><head> 3: <title>302 Found</title> 4: </head><body> 5: ...itment.html?d=\""><script>474877110"">here</a>.</p>"

     

    Wednesday, July 13, 2016 12:34 PM

Answers

  • I contacted Microsoft and did not find any solution. The only solution is to upgrade the SharePoint version.

    • Marked as answer by Prakash KSingh Wednesday, October 26, 2016 11:27 AM
    Wednesday, October 26, 2016 11:27 AM

All replies

  • Any suggestions? I am facing the same issue.
    Monday, July 25, 2016 2:39 PM