Microsoft SharePoint XSS spoofing vulnerability
Description
Microsoft SharePoint 2013 (versions 15.0.4571.1502 and earlier) contains a cross-site scripting (XSS) vulnerability caused by improper sanitization of user-supplied input in web requests. This flaw allows attackers to inject malicious scripts that execute in the context of authenticated users, enabling persistent XSS attacks where malicious content appears as legitimate SharePoint content. The vulnerability can be exploited to perform spoofing attacks, making fraudulent content indistinguishable from authentic SharePoint pages.
Affected versions: SharePoint 2013 15.0.4571.1502 and earlier.
Remediation
Apply the security updates provided in Microsoft Security Bulletin MS15-099 immediately. Follow these steps to remediate:
1. Identify affected systems: Verify all SharePoint 2013 installations and confirm versions 15.0.4571.1502 or earlier are in use
2. Apply patches: Download and install the latest security updates from Microsoft Update or the Microsoft Download Center
3. Verify patch installation: Confirm SharePoint version has been updated beyond 15.0.4571.1502
4. Review configurations: Implement Content Security Policy (CSP) headers to provide defense-in-depth protection against XSS attacks
5. Monitor for exploitation: Review SharePoint logs for suspicious input patterns or script injection attempts
As a temporary mitigation until patching is complete, consider implementing input validation and output encoding controls at the web application firewall level if available.