PT-2015-2013 · Microsoft · SharePoint Foundation 2013 SP1

Published: 2015-09-08 · Updated: 2018-10-12 · CVE-2015-2522

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft SharePoint Foundation 2013 SP1

Description
The issue is related to a cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary web script or HTML via crafted content. This could enable an attacker to perform persistent cross-site scripting attacks, run script in the security context of the logged-on user, and potentially steal sensitive information, including authentication cookies and recently submitted data. The vulnerability exists due to the failure to properly sanitize user-supplied web requests.

Recommendations
For Microsoft SharePoint Foundation 2013 SP1, consider restricting access to user-supplied web requests until a patch is available. As a temporary workaround, avoid submitting specially crafted content to target sites to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2015-11359
CVE-2015-2522

Affected Products

SharePoint Foundation 2013 SP1
SharePoint Foundation