Skip to main content

Microsoft SharePoint EUVDEUVD-2026-35511

| CVE-2026-47638 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-06-09 secure@microsoft.com GHSA-v273-fx7c-xfq2
4.6
CVSS 3.1 · NVD
Temporal: 4.0
Share

Severity by source

NVD PRIMARY
4.6 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
4.0 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Jun 09, 2026 - 19:34 vuln.today
Patch available
Jun 09, 2026 - 19:03 EUVD
CVE Published
Jun 09, 2026 - 17:17 nvd
MEDIUM 4.6

DescriptionCVE.org

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

AnalysisAI

Cross-site scripting in Microsoft SharePoint allows an authenticated low-privilege network attacker to inject malicious script content into SharePoint pages, enabling spoofing attacks against victim users who render the affected content. Three product lines are affected: SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition, all at specific 16.0.x build levels. No public exploit code or CISA KEV listing has been identified at time of analysis; the CVSS 4.6 Medium score reflects meaningful risk reduction from the dual prerequisites of authenticated access and required victim interaction.

Technical ContextAI

CWE-79 (Improper Neutralization of Input During Web Page Generation) indicates that user-supplied input is insufficiently encoded or sanitized before being rendered as HTML output, allowing an attacker to embed executable script content into the SharePoint web interface. Microsoft SharePoint is a widely-deployed enterprise collaboration and document management platform built on ASP.NET; its rich content editing surfaces (pages, lists, web parts) represent common XSS injection points. The affected product lines - SharePoint Enterprise Server 2016 (build < 16.0.5556.1005), SharePoint Server 2019 (build < 16.0.10417.20153), and SharePoint Server Subscription Edition (build < 16.0.19725.20384) - all share the 16.0.x codebase, suggesting the flaw exists in a shared rendering component. The spoofing impact described by Microsoft is consistent with XSS patterns where injected content can impersonate UI elements or redirect user interactions within the trusted SharePoint origin.

RemediationAI

Apply vendor-released patches as follows: upgrade SharePoint Enterprise Server 2016 to build 16.0.5556.1005 or later, SharePoint Server 2019 to build 16.0.10417.20153 or later, and SharePoint Server Subscription Edition to build 16.0.19725.20384 or later, per the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47638. If immediate patching is not operationally feasible, restrict contributor and edit permissions to trusted users only, reducing the pool of accounts that can inject content into SharePoint pages and lists - note this may impact legitimate collaboration workflows. Deploying or tightening a Content Security Policy (CSP) header at the reverse proxy or WAF layer to restrict script execution origins can serve as a secondary control, but requires careful tuning to avoid breaking SharePoint's own JavaScript-dependent UI components. Monitor SharePoint audit logs for unusual page or list modifications by low-privilege accounts as a detection measure during the remediation window.

Share

EUVD-2026-35511 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy