XSS in Microsoft Sharepoint_foundation

CVE-2015-6039

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace insta…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.066 (91.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Sharepoint_foundation — versions 2013
Microsoft Sharepoint_server — versions 2013
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

MS15-110 (x_refsource_MS, vendor-advisory)
1033804 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)