script injection
About this tag
Script injection is a security threat where attackers insert malicious scripts into web pages or applications, often leading to cross-site scripting (XSS) attacks. On WindowsForum.com, discussions cover Microsoft's enforcement of Content Security Policy (CSP) for Microsoft Entra ID sign-in pages to block externally injected scripts by October 2026, as part of the Secure Future Initiative. Another topic addresses a past security update (MS10-072) for SharePoint and Windows SharePoint Services that resolved vulnerabilities in SafeHTML, which could allow information disclosure via specially crafted scripts. These threads highlight Microsoft's ongoing efforts to mitigate script injection risks in enterprise environments, emphasizing the importance of testing and remediation for administrators.
Microsoft is rolling out a hardline browser security change for Microsoft Entra ID sign-ins that will block most externally injected scripts on pages that start with login.microsoftonline.com, enforcing a Content Security Policy (CSP) designed to stop script-injection and cross-site scripting...
Bulletin Severity Rating: Important - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft SharePoint and Windows SharePoint Services. The vulnerabilities could allow information disclosure if an attacker submits specially...