(MS14-050) Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)

  Severity: HIGH
  CVE Identifier: CVE-2014-2816
  Advisory Date: AUG 14, 2014

  DESCRIPTION

This security update resolves one privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted app to run arbitrary JavaScript in the context of the user on the current SharePoint site.

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Microsoft SharePoint Server 2013
  • Microsoft SharePoint Server 2013 Service Pack 1