CVE-2018-0790

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Foundation 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016

Description: An elevation of privilege issue exists due to improper sanitization of specially crafted web requests to affected SharePoint servers. An authenticated attacker could exploit this by sending a specially crafted request, potentially leading to cross-site scripting attacks. These attacks could allow the attacker to read unauthorized content, use the victim's identity to change permissions and delete content, and inject malicious content into the user's browser.

Recommendations: For Microsoft SharePoint Foundation 2010, update to a version that includes the fix for this issue. For Microsoft SharePoint Server 2013, update to a version that includes the fix for this issue. For Microsoft SharePoint Server 2016, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to affected SharePoint servers to minimize the risk of exploitation.