Microsoft SharePoint Services Help.aspx 'cid0' Parameter XSS
Severity: Medium
Nessus Plugin ID: 47580
Synopsis
An application running on the remote web server has a cross-site
scripting vulnerability.
Description
The version of Microsoft SharePoint Services running on the remote
host has a cross-site scripting vulnerability. Input sent to the
'cid0' parameter of '/_layouts/help.aspx' is not properly sanitized.
A remote attacker could exploit this by tricking a user into making a
malicious request, resulting in the execution of arbitrary script
code.
Solution
Microsoft has released a set of patches for SharePoint Services.
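
One way to review web server logs for requests matching the issue described above; this is an added example, not part of the Nessus plugin or of Microsoft's patches. It assumes IIS W3C extended logs with a `#Fields:` header and that a legitimate 'cid0' value never contains markup characters; the log lines and the function names are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote

TARGET_PATH = "/_layouts/help.aspx"  # path named in the advisory
TARGET_PARAM = "cid0"                # parameter named in the advisory
MARKUP_CHARS = set("<>\"'`")         # assumption: never valid in this parameter

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:01 192.0.2.10 GET /_layouts/help.aspx cid0=topic123&lcid=1033 200
2024-01-01 10:00:07 192.0.2.55 GET /_layouts/help.aspx cid0=x%3Cscript%3E 200
2024-01-01 10:00:09 192.0.2.56 GET /_layouts/Help.aspx CID0=x%253Csvg%253E 200
2024-01-01 10:00:12 192.0.2.10 GET /default.aspx - 200
""".splitlines()


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (client_ip, decoded cid0 value) for each flagged log entry."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the entries that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        entry = dict(zip(fields, line.split(" ")))
        # IIS paths and ASP.NET parameter names are case-insensitive
        if entry.get("cs-uri-stem", "").lower() != TARGET_PATH:
            continue
        # parse_qsl decodes once; fully_decode handles further encoding layers
        for name, raw in parse_qsl(entry.get("cs-uri-query", ""), keep_blank_values=True):
            value = fully_decode(raw)
            if name.lower() == TARGET_PARAM and MARKUP_CHARS & set(value):
                hits.append((entry.get("c-ip", "?"), value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent markup in {TARGET_PARAM}: {value!r}")
```

A hit shows that a crafted link was requested, not that script ran in a browser; whether the host is still affected depends on whether the patches have been applied.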