Vulnerabilities in SharePoint could allow elevation of privilege

Description
  • A cross-site scripting and elevation of privilege vulnerability exists in SharePoint that allows attacker-controlled JavaScript to run in the context of the user clicking a link. This is an elevation of privilege vulnerability as it allows an anonymous attacker to potentially issue SharePoint commands in the context of an authenticated user on the site.
Remediation
  • Upgrade SharePoint to the latest version.
References