Skip to main content

Sharepoint Server

449 CVEs product

Monthly

CVE-2021-1715 HIGH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Memory Corruption RCE 365 Apps +7
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2021-1712 HIGH This Week

Microsoft SharePoint Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
2.2%
CVE-2021-1707 HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2021-1641 MEDIUM This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.6
EPSS
1.8%
CVE-2020-17122 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Office Office Web Apps Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2020-17121 HIGH PATCH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-17120 MEDIUM PATCH This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
3.0%
CVE-2020-17118 HIGH PATCH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.1
EPSS
3.7%
CVE-2020-17115 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
2.6%
CVE-2020-17089 HIGH PATCH This Week

Microsoft SharePoint Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.1
EPSS
2.8%
CVE-2020-17061 HIGH PATCH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2020-17060 MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.7%
CVE-2020-17017 MEDIUM PATCH This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
3.5%
CVE-2020-17016 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
3.0%
CVE-2020-17015 MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.3
EPSS
1.9%
CVE-2020-16979 MEDIUM PATCH This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
2.9%
CVE-2020-16953 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2020-16952 HIGH POC PATCH THREAT Act Now

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.6
EPSS
70.9%
CVE-2020-16951 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-16950 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Sharepoint Server
NVD
CVSS 3.1
5.0
EPSS
4.2%
CVE-2020-16948 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2020-16946 HIGH PATCH This Week

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Designer Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.7
EPSS
1.6%
CVE-2020-16945 HIGH PATCH This Week

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.7
EPSS
1.7%
CVE-2020-16944 HIGH PATCH This Week

<p>This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.</p> <p>An authenticated attacker could exploit this. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.7
EPSS
1.6%
CVE-2020-16942 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. Rated medium severity (CVSS 4.1).

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.1
EPSS
0.9%
CVE-2020-16941 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. Rated medium severity (CVSS 4.1).

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.1
EPSS
0.9%
CVE-2020-16929 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Microsoft Use After Free Memory Corruption RCE 365 Apps +7
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-1595 CRITICAL PATCH Act Now

<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Deserialization Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
9.9
EPSS
2.0%
CVE-2020-1576 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.5
EPSS
1.6%
CVE-2020-1523 HIGH PATCH This Week

<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Server
NVD
CVSS 3.1
8.9
EPSS
2.2%
CVE-2020-1514 MEDIUM PATCH This Month

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1482 MEDIUM PATCH This Month

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.3
EPSS
2.0%
CVE-2020-1460 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.6
EPSS
3.7%
CVE-2020-1453 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.6
EPSS
2.1%
CVE-2020-1452 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.6
EPSS
2.1%
CVE-2020-1440 MEDIUM PATCH This Month

<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
6.3
EPSS
1.8%
CVE-2020-1345 HIGH PATCH This Week

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.4
EPSS
2.7%
CVE-2020-1338 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Online Server +1
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-1335 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +3
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-1227 MEDIUM PATCH This Month

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1218 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Online Server +4
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2020-1210 CRITICAL PATCH Act Now

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2020-1205 MEDIUM PATCH This Month

<p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.6
EPSS
1.8%
CVE-2020-1200 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-1198 HIGH PATCH This Week

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.4
EPSS
2.7%
CVE-2020-1583 HIGH PATCH This Week

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Online Server +4
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2020-1580 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1573 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Designer Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-1505 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-1503 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Online Server +4
NVD
CVSS 3.1
5.5
EPSS
4.6%
CVE-2020-1502 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Online Server +1
NVD
CVSS 3.1
5.5
EPSS
4.6%
CVE-2020-1501 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.7%
CVE-2020-1500 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.8%
CVE-2020-1499 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.8%
CVE-2020-1495 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +3
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2020-1456 MEDIUM POC PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
2.2%
CVE-2020-1454 MEDIUM PATCH This Month

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1451 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1450 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1448 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office Office Online Server Office Web Apps +4
NVD
CVSS 3.1
8.8
EPSS
10.0%
CVE-2020-1447 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Online Server +5
NVD
CVSS 3.1
8.8
EPSS
10.7%
CVE-2020-1446 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Online Server +5
NVD
CVSS 3.1
8.8
EPSS
11.3%
CVE-2020-1444 MEDIUM PATCH This Month

A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.3
EPSS
9.1%
CVE-2020-1443 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.7%
CVE-2020-1439 HIGH PATCH This Week

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft RCE Deserialization Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
20.3%
CVE-2020-1342 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure 365 Apps Office +5
NVD
CVSS 3.1
5.5
EPSS
6.4%
CVE-2020-1147 NuGet HIGH POC KEV PATCH THREAT Act Now

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Net Core Net Framework Sharepoint Enterprise Server +3
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
94.2%
CVE-2020-1025 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Lync Sharepoint Enterprise Server Sharepoint Foundation +2
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2020-1323 MEDIUM PATCH This Month

An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Open Redirect Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2020-1320 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-1318 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-1298 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-1297 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-1295 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-1183 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-1181 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
69.3%
CVE-2020-1178 HIGH PATCH This Week

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-1177 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-1148 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-1107 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-1106 MEDIUM POC PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.1
EPSS
3.1%
CVE-2020-1105 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1104 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1103 MEDIUM PATCH This Month

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-1102 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
15.1%
CVE-2020-1101 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1100 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1099 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1069 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

RCE Null Pointer Dereference Denial Of Service Microsoft Sharepoint Enterprise Server +2
NVD
CVSS 3.1
8.8
EPSS
9.9%
CVE-2020-1024 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
10.4%
EPSS 4% CVSS 7.8
HIGH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Memory Corruption +9
NVD
EPSS 2% CVSS 8.0
HIGH This Week

Microsoft SharePoint Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sharepoint Enterprise Server +2
NVD
EPSS 4% CVSS 8.8
HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 4.6
MEDIUM This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sharepoint Enterprise Server +2
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Office +2
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Foundation +1
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Foundation +1
NVD
EPSS 4% CVSS 8.1
HIGH PATCH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Foundation +1
NVD
EPSS 3% CVSS 8.0
HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Foundation +1
NVD
EPSS 3% CVSS 7.1
HIGH PATCH This Week

Microsoft SharePoint Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Foundation +1
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Foundation +1
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server +1
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Enterprise Server +2
NVD
EPSS 3% CVSS 8.0
HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server +2
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Enterprise Server +2
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server +2
NVD
EPSS 71% CVSS 8.6
HIGH POC PATCH THREAT Act Now

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 4% CVSS 5.0
MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Sharepoint Server
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 8.7
HIGH PATCH This Week

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Designer +3
NVD
EPSS 2% CVSS 8.7
HIGH PATCH This Week

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 8.7
HIGH PATCH This Week

<p>This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.</p> <p>An authenticated attacker could exploit this. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 1% CVSS 4.1
MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. Rated medium severity (CVSS 4.1).

Microsoft Information Disclosure Sharepoint Enterprise Server +2
NVD
EPSS 1% CVSS 4.1
MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. Rated medium severity (CVSS 4.1).

Microsoft Information Disclosure Sharepoint Enterprise Server +2
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Microsoft Use After Free Memory Corruption +9
NVD
EPSS 2% CVSS 9.9
CRITICAL PATCH Act Now

<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Deserialization +3
NVD
EPSS 2% CVSS 8.5
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

RCE Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 8.9
HIGH PATCH This Week

<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Server
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 6.3
MEDIUM PATCH This Month

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 4% CVSS 8.6
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 8.6
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 8.6
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 6.3
MEDIUM PATCH This Month

<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server +1
NVD
EPSS 3% CVSS 7.4
HIGH PATCH This Week

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +3
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +5
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +6
NVD
EPSS 2% CVSS 9.9
CRITICAL PATCH Act Now

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 4.6
MEDIUM PATCH This Month

<p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 8.6
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 3% CVSS 7.4
HIGH PATCH This Week

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps +6
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Designer +3
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server +2
NVD
EPSS 5% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps +6
NVD
EPSS 5% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps +3
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Microsoft Sharepoint Enterprise Server +1
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps +5
NVD
EPSS 2% CVSS 5.4
MEDIUM POC PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microsoft Sharepoint Enterprise Server +1
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +1
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +1
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +1
NVD
EPSS 10% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office +6
NVD
EPSS 11% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps +7
NVD
EPSS 11% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps +7
NVD
EPSS 9% CVSS 4.3
MEDIUM PATCH This Month

A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server +2
NVD
EPSS 20% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft RCE Deserialization +3
NVD
EPSS 6% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure +7
NVD
EPSS 94% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Net Core +5
NVD Exploit-DB
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Lync +4
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Open Redirect Sharepoint Enterprise Server +1
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 69% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 3% CVSS 6.1
MEDIUM POC PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +1
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Microsoft Information Disclosure +3
NVD
EPSS 15% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft +2
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +2
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server +1
NVD
EPSS 10% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

RCE Null Pointer Dereference Denial Of Service +4
NVD
EPSS 10% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft +3
NVD
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy