CVE-2011-0653

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint Server 2010 versions Gold and SP1 Microsoft SharePoint Foundation 2010

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the URI. This could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. The vulnerability enables an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site.

Recommendations For Microsoft Office SharePoint Server 2010 versions Gold and SP1, update to a version that includes the fix for this issue. For Microsoft SharePoint Foundation 2010, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the SharePoint Calendar feature until a patch is available. Avoid using specially crafted URLs that contain malicious JavaScript elements in the affected SharePoint versions until the issue is resolved.