Microsoft SharePoint Services Help.aspx 'cid0' Parameter XSS
Medium Nessus Plugin ID 47580
An application running on the remote web server has a cross-site scripting vulnerability.
The version of Microsoft SharePoint Services running on the remote host has a cross-site scripting vulnerability. Input sent to the 'cid0' parameter of '/_layouts/help.aspx' is not properly sanitized. A remote attacker could exploit this by tricking a user into making a malicious request, resulting in the execution of arbitrary script code.
Microsoft has released a set of patches for SharePoint Services.