SharePoint Online Cross-Site Scripting vulnerability
Affected Product: SharePoint Online
Credits: Vulnerability discovered by Claudio Cinquino
Using a specially crafted HTTP request, it is possible to exploit insufficient neutralization of page output that includes user-submitted content.
Proof of Concept
The Reflected XSS vulnerability was discovered in the Microsoft Forms Module.
13/02/2019 – Vulnerability Discovered
13/02/2019 – Initial vendor notification
06/05/2019 – The vendor fixed the vulnerability
20/05/2019 – The vendor published Online Service Acknowledgements