CVE-2011-1891

Name of the Vulnerable Software and Affected Versions Microsoft Windows SharePoint Services 3.0 SP2 Microsoft SharePoint Foundation 2010 Gold Microsoft SharePoint Foundation 2010 SP1

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script. This could enable an attacker to gain control over valid user accounts, perform operations on the user's behalf, redirect the user to malicious sites, or steal user credentials.

Recommendations For Microsoft Windows SharePoint Services 3.0 SP2, update to a version that includes the fix for this issue. For Microsoft SharePoint Foundation 2010 Gold, apply the necessary patch or update to a secured version. For Microsoft SharePoint Foundation 2010 SP1, consider disabling access to vulnerable scripts until a patch is available.