Microsoft Sharepoint Server 2007 Cross Site Scripting Exploit

The vulnerability exists due to failure in the "/_layouts/help.aspx" script to properly sanitize user-supplied input in "cid0" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
Platform: 
Vulnerabilty ID: 
CVE-2010-0817
Product Version: 
10.5
Released Date: 
Wednesday, June 23, 2010 - 00:00