XSS in Microsoft Sharepoint_foundation

CVE-2014-4116

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.123 (94.0th percentile) — read the EPSS interpretation.

Affected products

Microsoft Sharepoint_foundation — versions 2010
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

MS14-073 (x_refsource_MS, vendor-advisory)
1031192 (vdb-entry, x_refsource_SECTRACK)