Description

A cross-site scripting and elevation of privilege vulnerability exists in SharePoint that allows attacker-controlled JavaScript to run in the context of the user clicking a link. This is an elevation of privilege vulnerability as it allows an anonymous attacker to potentially issue SharePoint commands in the context of an authenticated user on the site.

Remediation

Upgrade SharePoint to the latest version.

References

Microsoft Security Bulletin MS12-050

Related Vulnerabilities

WordPress Plugin Job Manager Multiple Cross-Site Scripting Vulnerabilities (0.7.18)

WordPress Plugin CigiCigi Post Guest Cross-Site Scripting (1.0.5)

WordPress Plugin WP Easy Post Types Cross-Site Scripting (1.4.3)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Cross-Site Scripting (4.09.04)

WordPress Plugin WordPress Email Template Designer-WP HTML Mail Cross-Site Scripting (3.0.9)

Severity

High

Classification

CVE-2012-1859 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

XSS Privilege Escalation