Description
A cross-site scripting (XSS) vulnerability, which could result in spoofing, exists when SharePoint fails to properly sanitize user-supplied web requests. An attacker who successfully exploited this vulnerability could perform persistent cross-site scripting attacks and run script (in the security context of the logged-on user) with malicious content that appears authentic. This could allow the attacker to steal sensitive information, including authentication cookies and recently submitted data.
Any users of SharePoint 2013 version 15.0.4571.1502 and before should update as soon as possible.
Remediation
Update to the latest version of Microsoft SharePoint.
References
Related Vulnerabilities
WordPress Plugin Site Reviews Cross-Site Scripting (2.15.2)
WordPress Plugin wpForo Forum Cross-Site Scripting (2.1.8)
WordPress Plugin WP Learn Manager Cross-Site Scripting (1.1.2)
WordPress Plugin Twitter Feed:Embedded Timeline 'url' Parameter Cross-Site Scripting (0.3.1)
WordPress Plugin Active Directory Integration/LDAP Integration Cross-Site Scripting (3.6.94)