CVE-2013-3180

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server versions 2010 SP1 through 2010 SP2 Microsoft SharePoint Server version 2013

Description The issue allows remote attackers to inject arbitrary web script or HTML via a crafted POST request. An elevation of privilege vulnerability exists, which could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.

Recommendations For Microsoft SharePoint Server versions 2010 SP1 through 2010 SP2, update to a version that includes the fix for this issue. For Microsoft SharePoint Server version 2013, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive areas of the server to minimize the risk of exploitation.