CVE-2015-1633

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Foundation 2010 SP2 Microsoft SharePoint Server 2010 SP2 Microsoft SharePoint Foundation 2013 Gold and SP1 Microsoft SharePoint Server 2013 Gold and SP1

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted request. An authenticated attacker could exploit these vulnerabilities by sending a specially crafted request to an affected SharePoint server, potentially leading to cross-site scripting attacks. This could enable the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, and inject malicious content in the victim's browser.

Recommendations For Microsoft SharePoint Foundation 2010 SP2, update to a version that includes the fix for this issue. For Microsoft SharePoint Server 2010 SP2, update to a version that includes the fix for this issue. For Microsoft SharePoint Foundation 2013 Gold and SP1, update to a version that includes the fix for this issue. For Microsoft SharePoint Server 2013 Gold and SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to affected SharePoint servers to minimize the risk of exploitation.