https://aretiq.ai/tags/cross-site-scripting/Recent content in Cross-Site-Scripting on Aretiq AIHugoen-usTue, 16 Jun 2026 00:00:00 +0000https://aretiq.ai/research/vul260604-cve-2026-45453-microsoft-sharepoint-server-workflow-pages-docurl-parameter-reflected-cross-site-scripting/Tue, 16 Jun 2026 00:00:00 +0000https://aretiq.ai/research/vul260604-cve-2026-45453-microsoft-sharepoint-server-workflow-pages-docurl-parameter-reflected-cross-site-scripting/<h2 id="1-overview">1. Overview</h2> <p>A reflected cross-site scripting vulnerability exists in three SharePoint Server workflow management pages. The <code>DocURL</code> query string parameter is rendered directly into HTML anchor tag <code>href</code> attributes without any encoding, allowing an attacker to inject arbitrary HTML attributes including JavaScript event handlers. An unauthenticated attacker can craft a malicious URL and deliver it to an authenticated SharePoint user; when the victim visits the link and hovers over the page&rsquo;s tab navigation, the injected JavaScript executes in the SharePoint origin context, enabling session hijacking and unauthorized actions. Microsoft addressed this vulnerability in the June 2026 security update (KB5002880 for SharePoint Server 2016, KB5002874 for SharePoint Server 2019).</p>