The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Microsoft SharePoint: Cross Site Scripting of List

Synthesis of the vulnerability

An authenticated attacker can trigger a Cross Site Scripting in Microsoft SharePoint, in order to execute JavaScript code in the context of other users.
Severity of this announce: 2/4.
Creation date: 12/11/2014.
Références of this computer vulnerability: 3000431, CERTFR-2014-AVI-472, CVE-2014-4116, MS14-073, VIGILANCE-VUL-15619.

Description of the vulnerability

The Microsoft SharePoint product offers a web service.

However, an authenticated used can alter a list, which is then inserted in HTML documents generated for other users.

An authenticated attacker can therefore trigger a Cross Site Scripting in Microsoft SharePoint, in order to execute JavaScript code in the context of other users.
Full Vigil@nce bulletin... (Free trial)

This security vulnerability impacts software or systems such as MOSS.

Our Vigil@nce team determined that the severity of this computer weakness bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of user account.

An attacker with a expert ability can exploit this security note.

Solutions for this threat

Microsoft SharePoint: patch for List.
A patch is available in information sources.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides network vulnerability analysis. The Vigil@nce vulnerability database contains several thousand vulnerabilities.