The host is installed with Microsoft SharePoint Server 2010 or SharePoint Foundation 2010 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly handle malicious JavaScript elements contained within a specially crafted URL. Successful exploitation allows attackers to potentially issue SharePoint commands in the context of an authenticated user on the site.