29Nis
Sharepoint XSS issue
Today we released Security Advisory 983438 informing customers of a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0. Here we would like to give further technical information about this vulnerability. What is the attack vector? The advisory states that the vulnerability could allow Elevation of Privilege (EoP) within the SharePoint site itself.