CVE-2018-8254

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft Project Server (affected versions not specified)

Description An elevation of privilege issue exists due to improper sanitization of specially crafted web requests to affected SharePoint servers. An authenticated attacker could exploit this by sending a specially crafted request, potentially leading to cross-site scripting attacks. These attacks could allow the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, and inject malicious content into the user's browser.

Recommendations For Microsoft SharePoint Server, update to a version that includes the fix for this issue. For Microsoft Project Server, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to affected SharePoint servers to minimize the risk of exploitation. Avoid using affected SharePoint servers for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.