XSS
1 Topic
Found Stored Cross Site Scripting (XSS) vulnerability in SharePoint 2013
Hi @all,

having penetrated our local SP 2013 farm we now have to deal with a Stored Cross Site Scripting Vulnerability which was found by the pentesters.

What they did: Creating a new task element or every other list element, it was possible to paste Script Code into the input field of the task's title, for example. (Same approach like SQL Injection works) After finishing the creation of the task, only viewing the task was necessary to run an XSS attack.

Does anybody here know a solution or an official comment from Microsoft concerning that attack vector for SharePoint in general? Our management and security departments expect something like: "this vulnerability is fixed with CU xyz" or something similar...

I hope Microsoft knows this vulnerability and is doing further steps to close that issue.

Best regards,
Sven Engel