[原文]Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded within SharePoint lists or (2) drop-down menus in a SharePoint list.
Groove Virtual Office/Workspace SharePoint Replicated Menu Arbitrary Script Injection
Unknown or Incomplete
Groove Networks has released updated versions to fix this vulnerability. An upgrade is required as there are no known workarounds. The following versions address the issue:
Groove Virtual Office: 3.1a build 2364 or 3.1 build 2338
Groove Workspace: 2.5n build 1871