There is a cross-site scripting flaw in SharePoint 2007, Microsoft s collaboration product. The vulnerability exists due to failure in the /_layouts/help.aspx script to properly sanitize user-supplied input in cid0 variable. Successful exploitation of this vulnerability could result in a.compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data, the company said.
Source: https://threatpost.com/new-flaw-found-microsoft-sharepoint-042910/73898/