Intrusion Prevention

MS.SharePoint.App.Links.Notes.XSS

Description

This indicates an attack attempt against a persistent cross-site scripting vulnerability in Microsoft SharePoint Server.
This vulnerability exists due to insufficient sanitizing user input. It allows attackers to inject JavaScript code to potentially issue SharePoint commands in the context of another authenticated user.

Affected Products

Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2013 Service Pack 1

Impact

Persistent Cross-Site Scripting vulnerability which allows attackers to inject malicious JavaScript code.

Recommended Actions

Apply the latest update from the vendor.
https://technet.microsoft.com/library/security/ms15-099

CVE References

CVE-2015-2522