CVE-2017-8745

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server (affected versions not specified)

Description The issue arises from improper sanitization of specially crafted web requests to an affected SharePoint server. An authenticated attacker could exploit this by sending a specially crafted request, potentially leading to cross-site scripting attacks. This could allow the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, and inject malicious content into the user's browser.

Recommendations For Microsoft SharePoint Foundation 2013 Service Pack 1, update to a version that properly sanitizes web requests to prevent cross-site scripting attacks. For Microsoft SharePoint Server, apply configuration changes to ensure proper sanitization of web requests, such as validating user input and encoding output, until a fixed version is available. As a temporary workaround, consider restricting access to sensitive areas of the SharePoint site to minimize the risk of exploitation.