Microsoft SharePoint Cross Site Scripting Vulnerability

Summary
This host is running Microsoft SharePoint Server and is prone to Cross Site Scripting vulnerability.
Impact
Successful exploitation will allow remote authenticated users to leverage same-origin relationships and conduct cross-site scripting attacks by uploading TXT files. Impact Level: Application
Solution
Upgrade to SharePoint Server 2010 or later. For updates refer to http://sharepoint.microsoft.com/Pages/Default.aspx
Insight
This flaw is due to insufficient validation of user supplied data passed into 'SourceUrl' and 'Source' parameters in the 'download.aspx' in SharePoint Team Services.
Affected
Microsoft Office SharePoint Server 2007 12.0.0.6421 and prior.
References