Cross-Site Scripting in Microsoft Office SharePoint

HIGH (8.8)
cwe-79cross-site-scriptingcsrfmicrosoftsharepointweb-server

Threat Intelligence

Low Risk
EPSS Score: 0.09% chance of exploitation (percentile: 27%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

Microsoft Office SharePoint is a web-based platform used for document management and collaboration. This vulnerability allows an attacker to inject malicious JavaScript code into user-generated content, potentially leading to unauthorized access to sensitive data or system compromise.

Am I affected?

You're affected if you use Improper neutralization of. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

How to fix

  1. Apply the security update from Microsoft Security Response Center: https://www.microsoft.com/en-us/security/center/updates/patch
  2. Immediately restrict network access to your SharePoint instance (firewall it from the public internet) as a temporary measure until you can apply the security update.

References