Microsoft SharePoint Server Privilege Escalation Vulnerabilities


Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka ‘SharePoint Elevation of Privilege Vulnerability.’


The information has been provided by Drew Calcott of EY.


Vulnerable Systems:
 * Microsoft SharePoint Foundation 2010 SP2

Microsoft SharePoint Server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper sanitizing of page content in SharePoint lists. By convincing a victim to browse a specially modified SharePoint list, an authenticated attacker could exploit this vulnerability to execute arbitrary script with the same permissions as the victim.

CVE Information:

Disclosure Timeline:
Original release date: 11/11/2014
Last revised: 12/31/2014

Categories: Windows