Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Office Infopath
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-1280 1 Microsoft 4 Office Infopath, Sql Server, Sql Server Management Studio Express and 1 more 2024-11-21 4.3 MEDIUM N/A
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."
CVE-2010-1257 1 Microsoft 9 Internet Explorer, Office Infopath, Sharepoint Server and 6 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.
CVE-2005-0820 1 Microsoft 1 Office Infopath 2024-11-20 5.0 MEDIUM N/A
Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.