Description
A cross-site scripting (XSS) vulnerability, which could result in spoofing, exists when SharePoint fails to properly sanitize user-supplied web requests. An attacker who successfully exploited this vulnerability could perform persistent cross-site scripting attacks and run script (in the security context of the logged-on user) with malicious content that appears authentic. This could allow the attacker to steal sensitive information, including authentication cookies and recently submitted data.
Any users of SharePoint 2013 version 15.0.4571.1502 and before should update as soon as possible.
Remediation
Update to the latest version of Microsoft SharePoint.
References
Related Vulnerabilities
WordPress Plugin Affiliate Ads for Clickbank Products Cross-Site Scripting (1.6)
WordPress Plugin Featured Content 'param' Parameter Cross-Site Scripting (0.0.1)
WordPress Plugin HTML5 jQuery Audio Player Multiple Cross-Site Scripting Vulnerabilities (2.3)
WordPress Plugin Modern Events Calendar Lite Cross-Site Scripting (5.22.2)
WordPress Plugin WBW Currency Switcher for WooCommerce Cross-Site Scripting (1.6.5)