CVE-2017-11936

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Enterprise Server 2016

Description The issue arises from the way web requests are handled. An elevation of privilege issue exists due to improper sanitization of specially crafted web requests to an affected SharePoint server. An authenticated attacker could exploit this by sending a crafted request, potentially leading to cross-site scripting attacks. This could allow the attacker to read unauthorized content, use the victim's identity to take actions such as changing permissions and deleting content, and inject malicious content into the user's browser.

Recommendations For Microsoft SharePoint Enterprise Server 2016, apply the necessary security updates to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the SharePoint site to minimize the risk of exploitation. Avoid using the affected SharePoint server for sensitive operations until the issue is resolved.