CVE-2017-8629

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server 2013 Service Pack 1

Description The issue arises when Microsoft SharePoint Server fails to properly sanitize a specially crafted web request to an affected SharePoint server. This allows an attacker to perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacker could read content they are not authorized to read, use the victim's identity to take actions on the SharePoint site, such as changing permissions and deleting content, and inject malicious content in the user's browser.

Recommendations For Microsoft SharePoint Server 2013 Service Pack 1, update to a version that properly sanitizes web requests to prevent elevation of privilege and cross-site scripting attacks. As a temporary workaround, consider restricting access to sensitive areas of the SharePoint site to minimize the risk of exploitation.