Microsoft Sharepoint Server 2007 Cross Site Scripting Exploit

The vulnerability exists due to failure in the "/_layouts/help.aspx" script to properly sanitize user-supplied input in "cid0" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
Vulnerabilty ID: 
CVE-2010-0817
Released Date: 
Tuesday, June 22, 2010 - 19:00