Vigil@nce - Microsoft SharePoint: Cross Site Scripting of List
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can trigger a Cross Site Scripting in
Microsoft SharePoint, in order to execute JavaScript code in the
context of other users.
Impacted products: MOSS
Severity: 2/4
Creation date: 12/11/2014
DESCRIPTION OF THE VULNERABILITY
The Microsoft SharePoint product offers a web service.
However, an authenticated used can alter a list, which is then
inserted in HTML documents generated for other users.
An authenticated attacker can therefore trigger a Cross Site
Scripting in Microsoft SharePoint, in order to execute JavaScript
code in the context of other users.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Microsoft-SharePoint-Cross-Site-Scripting-of-List-15619