MS13-035: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)
Medium Nessus Plugin ID 65882
SynopsisThe remote host is affected by a cross-site scripting vulnerability.
DescriptionThe version of InfoPath, SharePoint Server, SharePoint Foundation, Groove Server, or Office Web Apps running on the remote host is affected by an unspecified cross-site scripting vulnerability. An attacker could exploit this by tricking a user into requesting specially crafted SharePoint content, resulting in arbitrary script code execution.
SolutionMicrosoft has released a set of patches for InfoPath 2010, SharePoint Server 2010, SharePoint Foundation 2010, Groove Server 2010, and Office Web Apps 2010.