SharePoint
by Microsoft
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8551 | Med | 0.40 | 6.1 | 0.01 | Jun 15, 2017 | An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". | ||
| CVE-2017-8514 | Med | 0.35 | 5.4 | 0.01 | Jun 15, 2017 | An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability". | ||
| CVE-2019-0604 | 0.29 | — | 0.94 | KEV | Mar 6, 2019 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594. | ||
| CVE-2021-31181 | 0.06 | — | 0.41 | May 11, 2021 | Microsoft SharePoint Remote Code Execution Vulnerability | |||
| CVE-2022-35823 | 0.03 | — | 0.38 | Sep 13, 2022 | Microsoft SharePoint Remote Code Execution Vulnerability | |||
| CVE-2023-33157 | 0.01 | — | 0.06 | Jul 11, 2023 | Microsoft SharePoint Remote Code Execution Vulnerability | |||
| CVE-2020-17121 | 0.01 | — | 0.13 | Dec 9, 2020 | Microsoft SharePoint Remote Code Execution Vulnerability | |||
| CVE-2020-17120 | 0.01 | — | 0.13 | Dec 9, 2020 | Microsoft SharePoint Information Disclosure Vulnerability | |||
| CVE-2020-17118 | 0.01 | — | 0.09 | Dec 9, 2020 | Microsoft SharePoint Remote Code Execution Vulnerability | |||
| CVE-2015-1633 | 0.01 | — | 0.08 | Mar 11, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a… | |||
| CVE-2008-5026 | 0.01 | — | 0.15 | Nov 10, 2008 | Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS)… | |||
| CVE-2020-17089 | 0.00 | — | 0.06 | Dec 9, 2020 | Microsoft SharePoint Elevation of Privilege Vulnerability | |||
| CVE-2018-8568 | 0.00 | — | 0.01 | Nov 14, 2018 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server,… | |||
| CVE-2010-0716 | 0.00 | — | 0.05 | Feb 26, 2010 | _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage… |
- risk 0.40cvss 6.1epss 0.01
An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability".
- risk 0.35cvss 5.4epss 0.01
An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability".
- risk 0.29cvss —epss 0.94
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
- CVE-2021-31181May 11, 2021risk 0.06cvss —epss 0.41
Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2022-35823Sep 13, 2022risk 0.03cvss —epss 0.38
Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2023-33157Jul 11, 2023risk 0.01cvss —epss 0.06
Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2020-17121Dec 9, 2020risk 0.01cvss —epss 0.13
Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2020-17120Dec 9, 2020risk 0.01cvss —epss 0.13
Microsoft SharePoint Information Disclosure Vulnerability
- CVE-2020-17118Dec 9, 2020risk 0.01cvss —epss 0.09
Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2015-1633Mar 11, 2015risk 0.01cvss —epss 0.08
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a…
- CVE-2008-5026Nov 10, 2008risk 0.01cvss —epss 0.15
Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS)…
- CVE-2020-17089Dec 9, 2020risk 0.00cvss —epss 0.06
Microsoft SharePoint Elevation of Privilege Vulnerability
- CVE-2018-8568Nov 14, 2018risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server,…
- CVE-2010-0716Feb 26, 2010risk 0.00cvss —epss 0.05
_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage…