Microsoft SharePoint XSS spoofing vulnerability

Description

A cross-site scripting (XSS) vulnerability, which could result in spoofing, exists when SharePoint fails to properly sanitize user-supplied web requests. An attacker who successfully exploited this vulnerability could perform persistent cross-site scripting attacks and run script (in the security context of the logged-on user) with malicious content that appears authentic. This could allow the attacker to steal sensitive information, including authentication cookies and recently submitted data.

Any users of SharePoint 2013 version 15.0.4571.1502 and before should update as soon as possible.

Remediation

Update to the latest version of Microsoft SharePoint.

References