Sharepoint Foundation Security Vulnerabilities and Issues — Page 3 of Sharepoint Foundation CVE List

Lucene search

MicrosoftSharepoint Foundation

226 matches found

CVE•added 2020/04/15 3:15 p.m.•104 views

CVE-2020-0923

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0924, CVE-2020-0925, CVE-2020-0926...

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2021/09/15 12:15 p.m.•104 views

CVE-2021-38652

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS5.2AI score0.01283EPSS

CVE•added 2021/01/12 8:15 p.m.•103 views

CVE-2021-1718

Microsoft SharePoint Server Tampering Vulnerability

8.8CVSS7.7AI score0.01536EPSS

CVE•added 2021/06/08 11:15 p.m.•103 views

CVE-2021-31948

Microsoft SharePoint Server Spoofing Vulnerability

8.1CVSS7.4AI score0.04957EPSS

CVE•added 2022/12/13 7:15 p.m.•103 views

CVE-2022-44690

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.3049EPSS

CVE•added 2020/11/11 7:15 a.m.•102 views

CVE-2020-17017

Microsoft SharePoint Information Disclosure Vulnerability

6.8CVSS6.4AI score0.04048EPSS

CVE•added 2022/10/11 7:15 p.m.•102 views

CVE-2022-41038

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.05429EPSS

CVE•added 2017/05/12 2:29 p.m.•101 views

CVE-2017-0255

Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".

5.4CVSS5.3AI score0.01164EPSS

CVE•added 2019/09/11 10:15 p.m.•101 views

CVE-2019-1259

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Micr...

8.8CVSS8.2AI score0.05041EPSS

CVE•added 2019/09/11 10:15 p.m.•101 views

CVE-2019-1260

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.

6.5CVSS7.2AI score0.11221EPSS

CVE•added 2020/10/16 11:15 p.m.•100 views

CVE-2020-16944

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successful...

8.7CVSS8.1AI score0.00584EPSS

CVE•added 2020/11/11 7:15 a.m.•100 views

CVE-2020-17061

Microsoft SharePoint Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.11137EPSS

CVE•added 2020/08/17 7:15 p.m.•99 views

CVE-2020-1499

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.The attacke...

5.5CVSS6.2AI score0.01717EPSS

CVE•added 2020/08/17 7:15 p.m.•99 views

CVE-2020-1573

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

5.5CVSS6.1AI score0.01125EPSS

CVE•added 2020/09/11 5:15 p.m.•99 views

CVE-2020-1595

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm accoun...

9.9CVSS9.3AI score0.00712EPSS

CVE•added 2022/02/09 5:15 p.m.•99 views

CVE-2022-21987

Microsoft SharePoint Server Spoofing Vulnerability

8CVSS8AI score0.05596EPSS

CVE•added 2019/04/09 9:29 p.m.•97 views

CVE-2019-0831

5.4CVSS5AI score0.00485EPSS

CVE•added 2021/01/12 8:15 p.m.•97 views

CVE-2021-1717

Microsoft SharePoint Server Spoofing Vulnerability

5.8CVSS5.5AI score0.00978EPSS

CVE•added 2020/04/15 3:15 p.m.•96 views

CVE-2020-0978

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2020/06/09 8:15 p.m.•96 views

CVE-2020-1320

5.4CVSS5.1AI score0.01048EPSS

CVE•added 2021/09/15 12:15 p.m.•96 views

CVE-2021-38651

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS5.2AI score0.0108EPSS

CVE•added 2020/09/11 5:15 p.m.•95 views

CVE-2020-1205

4.9CVSS6AI score0.01427EPSS

CVE•added 2020/06/09 8:15 p.m.•95 views

CVE-2020-1297

5.4CVSS5.1AI score0.01048EPSS

CVE•added 2020/10/16 11:15 p.m.•95 views

CVE-2020-16942

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.To take advantage of th...

4.4CVSS5.7AI score0.00323EPSS

CVE•added 2011/09/15 12:26 p.m.•94 views

CVE-2011-1892

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1...

4CVSS6.1AI score0.53091EPSS

CVE•added 2019/05/16 7:29 p.m.•94 views

CVE-2019-0949

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951.

5.7CVSS5.4AI score0.0581EPSS

CVE•added 2020/08/17 7:15 p.m.•94 views

CVE-2020-1505

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.To exploit the vulnerability, an attacker would have...

5.5CVSS6.3AI score0.01174EPSS

CVE•added 2020/11/11 7:15 a.m.•94 views

CVE-2020-16979

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS5.2AI score0.04048EPSS

CVE•added 2022/10/11 7:15 p.m.•94 views

CVE-2022-38053

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.52443EPSS

CVE•added 2016/09/14 10:59 a.m.•93 views

CVE-2016-3357

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automati...

9.3CVSS7.6AI score0.29428EPSS

CVE•added 2020/11/11 7:15 a.m.•93 views

CVE-2020-17015

Microsoft SharePoint Server Spoofing Vulnerability

6.5CVSS4.8AI score0.02613EPSS

CVE•added 2020/11/11 7:15 a.m.•93 views

CVE-2020-17016

Microsoft SharePoint Server Spoofing Vulnerability

8.8CVSS8AI score0.16892EPSS

CVE•added 2022/11/09 10:15 p.m.•93 views

CVE-2022-41062

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.0242EPSS

CVE•added 2019/06/12 2:29 p.m.•92 views

CVE-2019-1031

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

5.4CVSS5.1AI score0.00528EPSS

CVE•added 2020/05/21 11:15 p.m.•92 views

CVE-2020-1069

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

8.8CVSS8.4AI score0.34532EPSS

CVE•added 2020/05/21 11:15 p.m.•92 views

CVE-2020-1100

5.4CVSS5.1AI score0.01851EPSS

CVE•added 2020/09/11 5:15 p.m.•92 views

CVE-2020-1452

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint s...

8.6CVSS8.6AI score0.02127EPSS

CVE•added 2019/06/12 2:29 p.m.•91 views

CVE-2019-1036

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

5.4CVSS5.1AI score0.00528EPSS

CVE•added 2019/10/10 2:15 p.m.•91 views

CVE-2019-1328

5.4CVSS5.8AI score0.00595EPSS

CVE•added 2020/05/21 11:15 p.m.•91 views

CVE-2020-1103

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a mal...

6.5CVSS6.4AI score0.08862EPSS

CVE•added 2020/09/11 5:15 p.m.•91 views

CVE-2020-1460

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context...

8.8CVSS8.9AI score0.05283EPSS

CVE•added 2021/01/12 8:15 p.m.•91 views

CVE-2021-1712

Microsoft SharePoint Elevation of Privilege Vulnerability

8CVSS7.8AI score0.01091EPSS

CVE•added 2022/12/13 7:15 p.m.•91 views

CVE-2022-44693

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.03619EPSS

CVE•added 2020/04/15 3:15 p.m.•90 views

CVE-2020-0933

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2019/08/14 9:15 p.m.•89 views

CVE-2019-1202

An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user.To exploit this vulnerability, the attacker could run a specially crafted applicati...

4.4CVSS4.4AI score0.00599EPSS

CVE•added 2020/03/12 4:15 p.m.•89 views

CVE-2020-0891

5.4CVSS5.3AI score0.00622EPSS

CVE•added 2020/04/15 3:15 p.m.•89 views

CVE-2020-0924

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2020/09/11 5:15 p.m.•89 views

CVE-2020-1227

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

5.4CVSS6.4AI score0.0043EPSS

CVE•added 2020/09/11 5:15 p.m.•89 views

CVE-2020-1453

8.6CVSS8.6AI score0.01578EPSS

CVE•added 2020/08/17 7:15 p.m.•88 views

CVE-2020-1580

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

5.4CVSS6.1AI score0.00528EPSS

Total number of security vulnerabilities226