CVE-2017-8654

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server 2010 Service Pack 2

Description A cross-site scripting (XSS) issue exists due to improper sanitization of specially crafted web requests to affected SharePoint servers. An authenticated attacker could exploit this by sending a specially crafted request, allowing cross-site scripting attacks on affected systems and running script in the security context of the current user. This could enable the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, such as changing permissions and deleting content, and inject malicious content into the user's browser.

Recommendations For Microsoft SharePoint Server 2010 Service Pack 2, update to a version that includes the fix for this issue to prevent cross-site scripting attacks. As a temporary workaround, consider restricting access to sensitive areas of the SharePoint server and implementing additional security measures to minimize the risk of exploitation.