Описание
Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
FAQ
How could an attacker exploit the vulnerability?
An attacker who successfully exploited this vulnerability might be able to run their scripts in the security context of the current user by enticing the user to click on a link resulting in a cross-site scripting attack on the SharePoint Server.
According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?
The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Server Subscription Edition |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8.8 High
CVSS3
Связанные уязвимости
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Уязвимость пакета программ Microsoft SharePoint Server, связанная с недостаточной защитой структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки
EPSS
8.8 High
CVSS3