CVE-2013-1289

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server 2010 SP1 Groove Server 2010 SP1 SharePoint Foundation 2010 SP1 Office Web Apps 2010 SP1

Description The issue is related to an elevation of privilege vulnerability that allows remote attackers to inject arbitrary web script or HTML via a crafted string. This vulnerability enables cross-site scripting (XSS) attacks, which can be exploited by an attacker to run a script in the security context of the current user.

Recommendations For Microsoft SharePoint Server 2010 SP1, consider disabling HTML sanitization functions until a patch is available. For Groove Server 2010 SP1, restrict access to HTML string sanitization to minimize the risk of exploitation. For SharePoint Foundation 2010 SP1, avoid using crafted strings that could lead to XSS attacks until the issue is resolved. For Office Web Apps 2010 SP1, as a temporary workaround, consider restricting the execution of scripts in the context of the current user.