CVE-2014-4116

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Foundation 2010 SP2

Description The issue is related to a cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary web script or HTML via a modified list. This is also referred to as an elevation of privilege vulnerability, where SharePoint Server does not properly sanitize page content in SharePoint lists. An authenticated attacker who successfully exploits this vulnerability could run arbitrary code in the security context of the logged-on user.

Recommendations For Microsoft SharePoint Foundation 2010 SP2, ensure proper sanitization of page content in SharePoint lists to prevent arbitrary code execution. As a temporary workaround, consider restricting access to modified lists until a proper fix is applied.