Microsoft SharePoint 2007/2010 - 'Source' Multiple Open Redirections

EDB-ID:

36134

CVE:

N/A




Platform:

ASP

Date:

2011-09-14


source: https://www.securityfocus.com/bid/49620/info

Microsoft SharePoint is prone to multiple URI open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.

Successful exploits may redirect a user to a potentially malicious site; this may aid in phishing attacks.

The following products are affected;

Microsoft SharePoint 2007
Microsoft SharePoint 2010 

http://www.example.com/Docs/Lists/Announcements/NewForm.aspx?Source=[xss]