Sharepoint online cross-site scripting vulnerability È stato salvato
Sharepoint online cross-site scripting vulnerability
Affected Product: SharePoint online
Credits: Vulnerability discovered by Claudio Cinquino
Using a specially crafted HTTP request, it is possible to exploit a lack in the neutralization of the pages output which includes the user submitted content.
Proof of Concept
The Reflected XSS vulnerability was discovered in the Microsoft Forms Module.
13/02/2019 – Vulnerability Discovered
13/02/2019 – Initial vendor notification
06/05/2019 – The vendor fixed the vulnerability
20/05/2019 – The vendor published Online Service Acknowledgements