The host is installed with Microsoft SharePoint Foundation 2013 or Microsoft SharePoint Server 2013 and is prone to a elevation of privilege vulnerability. The flaw is present in the application, which fails to handle a specially crafted app that uses the SharePoint extensibility model to execute arbitrary JavaScript on behalf of the user. Successful exploitation allows attackers to execute arbitrary script in the security context of the logged-on user. The script could then, for example, take actions on the affected SharePoint site on behalf of the logged-on user with the same permissions as the logged-on user.