Description
A cross-site scripting (XSS) vulnerability, which could result in spoofing, exists when SharePoint fails to properly sanitize user-supplied web requests. An attacker who successfully exploited this vulnerability could perform persistent cross-site scripting attacks and run script (in the security context of the logged-on user) with malicious content that appears authentic. This could allow the attacker to steal sensitive information, including authentication cookies and recently submitted data.
Any users of SharePoint 2013 version 15.0.4571.1502 and before should update as soon as possible.
Remediation
Update to the latest version of Microsoft SharePoint.
References
Related Vulnerabilities
WordPress Plugin Ivory Search-WordPress Search Cross-Site Scripting (4.6.6)
WordPress Plugin Gallery-Video Gallery and Youtube Gallery Cross-Site Scripting (1.2.4)
WordPress Plugin YOP Poll Cross-Site Scripting (6.2.7)
WordPress Plugin Contact Form 7 Zendesk Cross-Site Scripting (1.0.7)
WordPress Plugin WP Statistics Cross-Site Scripting (12.6.5)