alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Possible SharePoint XSS (CVE-2017-8514) Inbound"; flow:to_server,established; http.uri; content:"FollowSite="; nocase; fast_pattern; content:"SiteName="; nocase; content:"-confirm"; nocase; distance:0; reference:url,respectxss.blogspot.fr/2017/06/a-look-at-cve-2017-8514-sharepoints.html; classtype:attempted-user; sid:2024412; rev:3; metadata:affected_product HTTP_Server, attack_target Server, created_at 2017_06_19, cve CVE_2017_8514, deployment Internal, performance_impact Moderate, confidence Medium, signature_severity Major, updated_at 2020_08_06;)