<< Back
CVE Number Vulnerability Product Severity Date
MS14-022 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166) Microsoft SharePoint Critical 14-05-2014

Technical Information

Brief overview of the risk:
The security update addresses the vulnerabilities by correcting how SharePoint Server and Web Applications sanitize specially crafted page content.
Detailed Information on the risk:

An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks on affected systems and run script in the security context of the logged-on user.

Further information on this exploit is available at : MS14-022

Affected Software

Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013