CVE-2012-1863

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint Server 2007 versions SP2 through SP3 Windows SharePoint Services 3.0 version SP2 SharePoint Foundation 2010 versions Gold through SP1

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL. This enables attacker-controlled JavaScript to run in the context of the user clicking a link, potentially allowing an anonymous attacker to issue SharePoint commands in the context of an authenticated user.

Recommendations For Microsoft Office SharePoint Server 2007 versions SP2 through SP3, update to a newer version to mitigate the risk. For Windows SharePoint Services 3.0 version SP2, update to a newer version to mitigate the risk. For SharePoint Foundation 2010 versions Gold through SP1, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to crafted JavaScript elements in URLs to minimize the risk of exploitation.