CVE-2012-1861

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server 2010 versions Gold through SP1 Microsoft SharePoint Foundation 2010 versions Gold through SP1 Microsoft Office Web Apps 2010 versions Gold through SP1

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL. This enables attacker-controlled JavaScript to run in the context of the user clicking a link, potentially allowing an anonymous attacker to issue commands in the context of an authenticated user.

Recommendations For Microsoft SharePoint Server 2010 versions Gold through SP1, update to a version that includes the fix for this issue. For Microsoft SharePoint Foundation 2010 versions Gold through SP1, update to a version that includes the fix for this issue. For Microsoft Office Web Apps 2010 versions Gold through SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to links that may contain crafted JavaScript elements until a patch is available.