PT-2018-1079 · Microsoft · Sharepoint Server+1

Ashar Javed · Published 2018-01-09 · Updated 2019-10-03 · CVE-2018-0789

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft SharePoint Foundation version 2010
Microsoft SharePoint Server versions 2013 through 2016

Description

The issue is related to the handling of web requests and insufficient access control, allowing an elevation of privilege. An authenticated attacker could exploit this by sending a specially crafted HTTP request to an affected server, potentially leading to cross-site scripting attacks. This could enable the attacker to read unauthorized content, use the victim's identity to change permissions, delete content, and inject malicious content into the user's browser.

Recommendations

For Microsoft SharePoint Foundation 2010, update to a version that includes the fix for this issue.
For Microsoft SharePoint Server 2013, apply the necessary patch or update to resolve the vulnerability.
For Microsoft SharePoint Server 2016, consider disabling the handling of specially crafted web requests until a patch is available, and apply the necessary update once it is released.

Fix


Weakness Enumeration

Related Identifiers

BDU:2018-00422
CVE-2018-0789

Affected Products

Sharepoint Foundation
Sharepoint Server