Sharepoint Foundation
by Microsoft
CVEs (185)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6037 | 0.01 | — | 0.10 | Oct 14, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject… | |||
| CVE-2015-2522 | 0.01 | — | 0.10 | Sep 9, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka "Microsoft SharePoint XSS Spoofing Vulnerability." | |||
| CVE-2015-1700 | 0.01 | — | 0.12 | May 13, 2015 | Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities." | |||
| CVE-2015-1653 | 0.01 | — | 0.09 | Apr 14, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability." | |||
| CVE-2015-1636 | 0.01 | — | 0.07 | Mar 11, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability." | |||
| CVE-2015-1633 | 0.01 | — | 0.08 | Mar 11, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a… | |||
| CVE-2014-4116 | 0.01 | — | 0.09 | Nov 11, 2014 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability." | |||
| CVE-2014-2816 | 0.01 | — | 0.16 | Aug 12, 2014 | Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content… | |||
| CVE-2014-1754 | 0.01 | — | 0.11 | May 14, 2014 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script… | |||
| CVE-2014-0251 | 0.01 | — | 0.14 | May 14, 2014 | Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web… | |||
| CVE-2013-1289 | 0.01 | — | 0.15 | Apr 9, 2013 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization… | |||
| CVE-2013-0083 | 0.01 | — | 0.14 | Mar 13, 2013 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability." | |||
| CVE-2012-1861 | 0.01 | — | 0.15 | Jul 10, 2012 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka… | |||
| CVE-2012-0145 | 0.01 | — | 0.18 | Feb 14, 2012 | Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in… | |||
| CVE-2012-0144 | 0.01 | — | 0.18 | Feb 14, 2012 | Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in… | |||
| CVE-2012-0017 | 0.01 | — | 0.18 | Feb 14, 2012 | Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability." | |||
| CVE-2011-1893 | 0.01 | — | 0.17 | Sep 15, 2011 | Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability." | |||
| CVE-2011-1891 | 0.01 | — | 0.17 | Sep 15, 2011 | Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details… | |||
| CVE-2011-0653 | 0.01 | — | 0.17 | Sep 15, 2011 | Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability." | |||
| CVE-2021-43242 | 0.00 | — | 0.01 | Dec 15, 2021 | Microsoft SharePoint Server Spoofing Vulnerability |
- CVE-2015-6037Oct 14, 2015risk 0.01cvss —epss 0.10
Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject…
- CVE-2015-2522Sep 9, 2015risk 0.01cvss —epss 0.10
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka "Microsoft SharePoint XSS Spoofing Vulnerability."
- CVE-2015-1700May 13, 2015risk 0.01cvss —epss 0.12
Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."
- CVE-2015-1653Apr 14, 2015risk 0.01cvss —epss 0.09
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
- CVE-2015-1636Mar 11, 2015risk 0.01cvss —epss 0.07
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
- CVE-2015-1633Mar 11, 2015risk 0.01cvss —epss 0.08
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a…
- CVE-2014-4116Nov 11, 2014risk 0.01cvss —epss 0.09
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."
- CVE-2014-2816Aug 12, 2014risk 0.01cvss —epss 0.16
Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content…
- CVE-2014-1754May 14, 2014risk 0.01cvss —epss 0.11
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script…
- CVE-2014-0251May 14, 2014risk 0.01cvss —epss 0.14
Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web…
- CVE-2013-1289Apr 9, 2013risk 0.01cvss —epss 0.15
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization…
- CVE-2013-0083Mar 13, 2013risk 0.01cvss —epss 0.14
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
- CVE-2012-1861Jul 10, 2012risk 0.01cvss —epss 0.15
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka…
- CVE-2012-0145Feb 14, 2012risk 0.01cvss —epss 0.18
Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in…
- CVE-2012-0144Feb 14, 2012risk 0.01cvss —epss 0.18
Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in…
- CVE-2012-0017Feb 14, 2012risk 0.01cvss —epss 0.18
Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
- CVE-2011-1893Sep 15, 2011risk 0.01cvss —epss 0.17
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
- CVE-2011-1891Sep 15, 2011risk 0.01cvss —epss 0.17
Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details…
- CVE-2011-0653Sep 15, 2011risk 0.01cvss —epss 0.17
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
- CVE-2021-43242Dec 15, 2021risk 0.00cvss —epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
Page 5 of 10