CVE-2018-0869

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server 2016

Description: The issue arises from how web requests are handled, allowing an elevation of privilege. An authenticated attacker could exploit this by sending a specially crafted request to an affected server, potentially leading to cross-site scripting attacks. This could enable the attacker to read unauthorized content, use the victim's identity to change permissions or delete content, and inject malicious content into the user's browser.

Recommendations: For Microsoft SharePoint Server 2016, update the software to a version that properly sanitizes web requests to prevent elevation of privilege attacks. As a temporary workaround, consider restricting access to sensitive areas of the SharePoint site to minimize the risk of exploitation.