Skip to main content

Sharepoint Foundation

215 CVEs product

Monthly

CVE-2016-0039 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Sharepoint Foundation
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2016-0011 MEDIUM This Month

Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Sharepoint Server Sharepoint Foundation
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2015-6117 MEDIUM This Month

Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2015-6039 LOW Monitor

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
3.5
EPSS
6.6%
CVE-2015-6037 LOW Monitor

Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Epss exploitation probability 10.2% and no vendor patch available.

XSS Microsoft Excel Web App Office Web Apps Sharepoint Foundation +1
NVD
CVSS 2.0
3.5
EPSS
10.2%
CVE-2015-2522 LOW Monitor

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka "Microsoft. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Sharepoint Foundation
NVD
CVSS 2.0
3.5
EPSS
8.6%
CVE-2015-1700 MEDIUM This Month

Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Epss exploitation probability 20.2% and no vendor patch available.

RCE Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
6.0
EPSS
20.2%
CVE-2015-1682 CRITICAL Emergency

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 36.7% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel Excel Web App +7
NVD
CVSS 2.0
9.3
EPSS
36.7%
CVE-2015-1653 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
4.3
EPSS
9.9%
CVE-2015-1636 LOW Monitor

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Sharepoint Server Sharepoint Foundation
NVD
CVSS 2.0
3.5
EPSS
7.9%
CVE-2015-1633 LOW Monitor

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
3.5
EPSS
7.9%
CVE-2015-0085 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 46.3% and no vendor patch available.

RCE Denial Of Service Microsoft Excel Excel Viewer +9
NVD
CVSS 2.0
9.3
EPSS
46.3%
CVE-2014-4116 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.3% and no vendor patch available.

XSS Microsoft Sharepoint Foundation
NVD
CVSS 2.0
4.3
EPSS
12.3%
CVE-2014-2816 CRITICAL Emergency

Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 48.8% and no vendor patch available.

Privilege Escalation Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
9.3
EPSS
48.8%
CVE-2014-1754 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.3% and no vendor patch available.

XSS Microsoft Office Web Apps Server Sharepoint Foundation Sharepoint Server +1
NVD
CVSS 2.0
4.3
EPSS
13.3%
CVE-2014-0251 CRITICAL Act Now

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.6% and no vendor patch available.

RCE Code Injection Microsoft Office Web Apps Server Project Server +6
NVD
CVSS 2.0
9.0
EPSS
19.6%
CVE-2013-3847 CRITICAL Emergency

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Sharepoint Foundation +7
NVD
CVSS 2.0
9.3
EPSS
64.2%
CVE-2013-3180 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 62.1% and no vendor patch available.

Microsoft XSS Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
4.3
EPSS
62.1%
CVE-2013-3179 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.6%.

Microsoft XSS Sharepoint Foundation Sharepoint Server Sharepoint Services
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
10.6%
CVE-2013-1330 CRITICAL Emergency

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 67.1% and no vendor patch available.

Microsoft RCE Sharepoint Foundation Sharepoint Portal Server Sharepoint Server +2
NVD
CVSS 2.0
10.0
EPSS
67.1%
Threat
4.0
CVE-2013-1315 CRITICAL POC PATCH THREAT Act Now

Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 73.7%.

Buffer Overflow Denial Of Service Microsoft RCE Excel +8
NVD
CVSS 2.0
9.3
EPSS
73.7%
Threat
5.6
CVE-2013-0081 MEDIUM This Month

Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 78.4% and no vendor patch available.

Denial Of Service Microsoft Sharepoint Foundation Sharepoint Portal Server Sharepoint Server +1
NVD
CVSS 2.0
5.0
EPSS
78.4%
CVE-2013-1289 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 45.0% and no vendor patch available.

Microsoft XSS Groove Server Infopath Office Web Apps +2
NVD
CVSS 2.0
4.3
EPSS
45.0%
CVE-2013-0086 MEDIUM This Month

Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.2% and no vendor patch available.

Buffer Overflow Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
5.0
EPSS
34.2%
CVE-2013-0085 HIGH Act Now

Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL,. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 70.1% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
7.8
EPSS
70.1%
CVE-2013-0084 HIGH Act Now

Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.0% and no vendor patch available.

Path Traversal Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
7.5
EPSS
33.0%
CVE-2013-0083 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.1% and no vendor patch available.

Microsoft XSS Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
4.3
EPSS
44.1%
CVE-2013-0080 HIGH Act Now

Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 50.3% and no vendor patch available.

Privilege Escalation Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
7.5
EPSS
50.3%
CVE-2012-2520 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.2% and no vendor patch available.

Microsoft XSS Groove Server Infopath Lync +5
NVD
CVSS 2.0
4.3
EPSS
24.2%
CVE-2012-1863 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 41.3% and no vendor patch available.

Microsoft XSS Office Sharepoint Server Sharepoint Foundation Sharepoint Server +1
NVD
CVSS 2.0
4.3
EPSS
41.3%
CVE-2012-1861 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 38.9% and no vendor patch available.

Microsoft XSS Office Web Apps Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
4.3
EPSS
38.9%
CVE-2012-1859 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 41.3% and no vendor patch available.

Microsoft XSS Office Web Apps Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
4.3
EPSS
41.3%
CVE-2012-0145 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 35.9% and no vendor patch available.

Microsoft XSS Sharepoint Server Sharepoint Foundation
NVD
CVSS 2.0
4.3
EPSS
35.9%
CVE-2012-0144 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 35.9% and no vendor patch available.

Microsoft XSS Sharepoint Server Sharepoint Foundation
NVD
CVSS 2.0
4.3
EPSS
35.9%
CVE-2012-0017 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft XSS Sharepoint Foundation
NVD
CVSS 2.0
4.3
EPSS
42.4%
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Sharepoint Foundation
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Sharepoint Server +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Sharepoint Foundation +1
NVD
EPSS 7% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Sharepoint Foundation +1
NVD
EPSS 10% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Epss exploitation probability 10.2% and no vendor patch available.

XSS Microsoft Excel Web App +3
NVD
EPSS 9% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka "Microsoft. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Sharepoint Foundation
NVD
EPSS 20% CVSS 6.0
MEDIUM This Month

Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Epss exploitation probability 20.2% and no vendor patch available.

RCE Microsoft Sharepoint Foundation +1
NVD
EPSS 37% CVSS 9.3
CRITICAL Emergency

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 36.7% and no vendor patch available.

RCE Buffer Overflow Microsoft +9
NVD
EPSS 10% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Sharepoint Foundation +1
NVD
EPSS 8% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Sharepoint Server +1
NVD
EPSS 8% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Sharepoint Foundation +1
NVD
EPSS 46% CVSS 9.3
CRITICAL Emergency

Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 46.3% and no vendor patch available.

RCE Denial Of Service Microsoft +11
NVD
EPSS 12% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.3% and no vendor patch available.

XSS Microsoft Sharepoint Foundation
NVD
EPSS 49% CVSS 9.3
CRITICAL Emergency

Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 48.8% and no vendor patch available.

Privilege Escalation Microsoft Sharepoint Foundation +1
NVD
EPSS 13% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.3% and no vendor patch available.

XSS Microsoft Office Web Apps Server +3
NVD
EPSS 20% CVSS 9.0
CRITICAL Act Now

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.6% and no vendor patch available.

RCE Code Injection Microsoft +8
NVD
EPSS 64% CVSS 9.3
CRITICAL Emergency

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft +9
NVD
EPSS 62% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 62.1% and no vendor patch available.

Microsoft XSS Sharepoint Foundation +1
NVD
EPSS 11% CVSS 4.3
MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.6%.

Microsoft XSS Sharepoint Foundation +2
NVD Exploit-DB
EPSS 67% 4.0 CVSS 10.0
CRITICAL Emergency

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 67.1% and no vendor patch available.

Microsoft RCE Sharepoint Foundation +4
NVD
EPSS 74% 5.6 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 73.7%.

Buffer Overflow Denial Of Service Microsoft +10
NVD
EPSS 78% CVSS 5.0
MEDIUM This Month

Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 78.4% and no vendor patch available.

Denial Of Service Microsoft Sharepoint Foundation +3
NVD
EPSS 45% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 45.0% and no vendor patch available.

Microsoft XSS Groove Server +4
NVD
EPSS 34% CVSS 5.0
MEDIUM This Month

Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.2% and no vendor patch available.

Buffer Overflow Microsoft Sharepoint Foundation +1
NVD
EPSS 70% CVSS 7.8
HIGH Act Now

Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL,. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 70.1% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft +2
NVD
EPSS 33% CVSS 7.5
HIGH Act Now

Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.0% and no vendor patch available.

Path Traversal Microsoft Sharepoint Foundation +1
NVD
EPSS 44% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.1% and no vendor patch available.

Microsoft XSS Sharepoint Foundation +1
NVD
EPSS 50% CVSS 7.5
HIGH Act Now

Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 50.3% and no vendor patch available.

Privilege Escalation Microsoft Sharepoint Foundation +1
NVD
EPSS 24% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.2% and no vendor patch available.

Microsoft XSS Groove Server +7
NVD
EPSS 41% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 41.3% and no vendor patch available.

Microsoft XSS Office Sharepoint Server +3
NVD
EPSS 39% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 38.9% and no vendor patch available.

Microsoft XSS Office Web Apps +2
NVD
EPSS 41% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 41.3% and no vendor patch available.

Microsoft XSS Office Web Apps +2
NVD
EPSS 36% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 35.9% and no vendor patch available.

Microsoft XSS Sharepoint Server +1
NVD
EPSS 36% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 35.9% and no vendor patch available.

Microsoft XSS Sharepoint Server +1
NVD
EPSS 42% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft XSS Sharepoint Foundation
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy