

An Information Disclosure vulnerability exists in the way that HTML is filtered that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.


An attacker who successfully exploited the vulnerability could perform cross-site scripting attacks against users of a targeted site that uses SafeHTML to sanitize HTML. An attacker could then potentially run script on behalf of a victim user on the site.

Technical details (analysis)

Cross-site scripting (XSS) is a class of security vulnerability that can enable an attacker to "inject" script code into a user's session with a Web site. The vulnerability can affect Web servers that dynamically generate HTML pages. If these servers embed browser input in the dynamic pages that they send back to the browser, these servers can be manipulated to include maliciously supplied content in the dynamic pages. This can allow malicious script to be executed. Web browsers may perpetuate this problem through their assumptions of "trusted" sites and their use of cookies to maintain persistent state with the Web sites that they frequent. An XSS attack does not modify Web site content. Instead, it inserts new, malicious script that can execute at the browser in the context that is associated with a trusted server.

Affected software

Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32-bit versions)
Microsoft Windows SharePoint Services 3.0 Service Pack 2 (64-bit versions)
Microsoft SharePoint Server 2007 Service Pack 2 (32-bit editions)
Microsoft SharePoint Server 2007 Service Pack 2 (64-bit editions)

Non-affected software

All applications not on the affected list.



NIS signature

Name: Plcy:Win/HTTP.SafeHTML2.XSS!2010-3324
Release Date: 2010-10-12T00:00:00

Known false positives

This signature can cause false positives if you are not running any of the affected software versions or if you have already applied the patch.


Read e-mails in plain text
Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones