Persistent XSS flaw in SharePoint 2013 revealed, patched

Among the vulnerabilities patched earlier this month by Microsoft is an important one that endangers users of Microsoft SharePoint 2013, a web application platform in the Microsoft Office server suite that combines a variety capabilities (intranet, extranet, content management, document management, personal cloud, and so on.)

CVE-2015-2522 is a persistent cross-site scripting vulnerability that can be exploited by remote attackers, allowing them to do a lot of damage.

They can obtain information about users’ operating system, browser, plugins, and other information that will help them target another vulnerability they can exploit to ultimately gain control of the system. They can steal sensitive information, including authentication cookies and recently submitted data. They can also redirect the victim’s browser to malicious websites, and force victims to download and execute malicious code from other websites.

Fortinet researchers, who discovered the flaw and notified Microsoft about it, have demonstrated its exploitation:


Luckily for users, there is no indication that the vulnerability has been found and exploited by malicious individuals in the wild before it was patched.

Nevertheless, as Fortintet published more details about the flaw, it’s likely that attackers will get on creating an exploit, so if you haven’t implemented the patch, you should get on it as soon as possible.