Forum Discussion

Sven Engel's avatar
Sven Engel
Copper Contributor
Aug 10, 2017

Found Stored Cross Site Scripting (XSS) vulnerability in SharePoint 2013

Hi @all,   having penetrated our local SP 2013 farm we now have to deal with a Stored Cross Site Scripting Vulnerability which was found by the pentesters.   What they did: Creating a new task e...
security
sharepoint server
XSS
MichaelHolste's avatar
MichaelHolste
Icon for Microsoft rankMicrosoft
Aug 24, 2017

Microsoft has reproduced the issue and is working on a fix.

During our initial review of this thread we were able to identify a workaround to prevent this issue.

  • Open the “List Settings” page off of the task list associated with the “Project Summary” webpart.
  • Open the “Advanced settings” option from the “List settings” page.


  • Change the setting of the “Launch forms in a dialog?” option to “No”.

Thanks,
SharePoint Team

Resources