Microsoft has confirmed reports of a cross-site scripting vulnerability in SharePoint Server 2007 and SharePoint Services 3.0.
According to Microsoft, the vulnerability could allow escalation of privilege (EoP) within the SharePoint site. If an attacker successfully exploits the vulnerability, the person could run commands against the SharePoint server with the privileges of the compromised user.