The host is installed with Microsoft SharePoint Server 2007 or SharePoint Services 3.0 or SharePoint Foundation 2010 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle malicious JavaScript elements contained within a specially crafted URL. Successful exploitation allows attackers to potentially issue SharePoint commands in the context of an authenticated user.