Medium severity5.4NVD Advisory· Published Oct 13, 2017· Updated May 13, 2026

CVE-2017-11820

Description

Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777.

Affected products

Microsoft/Sharepoint Enterprise Server2 versions
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
Microsoft Corporation/Microsoft SharePoint Enterprise Serverv5
Range: Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11820nvdPatchVendor Advisory
www.securityfocus.com/bid/101097nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039540nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000