
Microsoft SharePoint EUVD-2026-35583

CVE-2026-48560 MEDIUM
Deserialization of Untrusted Data (CWE-502)
2026-06-09 secure@microsoft.com GHSA-3rrj-xq44-843h
5.4 (CVSS 3.1 · NVD)

Severity by source

NVD (primary): 5.4 MEDIUM, AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ENISA EUVD: HIGH (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

Analysis Generated: Jun 09, 2026 - 19:05 (vuln.today)
Patch available: Jun 09, 2026 - 19:03 (EUVD)
CVE Published: Jun 09, 2026 - 17:17 (nvd), MEDIUM 5.4

Description (NVD)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Analysis (AI)

Cross-site scripting in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables low-privileged authenticated attackers to perform spoofing attacks over a network; user interaction is required. The CVSS vector (AV:N/AC:L/PR:L/UI:R) confirms network-reachable exploitation by any authenticated SharePoint user, with interaction from a victim required. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Authenticate to SharePoint with low-privilege account
Delivery: Submit crafted HTTP request with malicious payload
Exploit: Payload deserialized or rendered without neutralization
Execution: Malicious script injected into SharePoint page response
Impact: Spoofed content delivered to targeted users or admin context

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the attacker to hold a valid low-privilege account on the targeted SharePoint Server deployment (PR:L per CVSS vector; unauthenticated access is NOT sufficient). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The 5.4 CVSS score reflects a moderate-severity vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An authenticated SharePoint user with low-privilege access (e.g., a standard contributor or reader account) sends a crafted HTTP request containing malicious script payload to a vulnerable SharePoint endpoint. The server fails to properly neutralize the input during page generation, potentially via unsafe deserialization of attacker-controlled content, causing the payload to render in the context of targeted users or administrative interfaces, achieving spoofing of page content or user identity. …

Remediation: Vendor-released patches are available for all three affected product lines. … Detailed patch versions, workarounds, and compensating controls in full report.
