Microsoft SharePoint Server Privilege Escalation Vulnerabilities
The information has been provided by Drew Calcott of EY .
* Microsoft SharePoint Foundation 2010 SP2
Microsoft SharePoint Server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper sanitizing of page content in SharePoint lists. By convincing a victim to browse a specially modified SharePoint list, an authenticated attacker could exploit this vulnerability to execute arbitrary script with the same permissions as the victim.
Original release date: 11/11/2014
Last revised: 12/31/2014