Sharepoint Foundation Security Vulnerabilities and Issues — Page 4 of Sharepoint Foundation CVE List

Lucene search

MicrosoftSharepoint Foundation

230 matches found

CVE•added 2019/08/14 9:15 p.m.•87 views

CVE-2019-1202

An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user.To exploit this vulnerability, the attacker could run a specially crafted applicati...

4.4CVSS4.4AI score0.00599EPSS

CVE•added 2020/08/17 7:15 p.m.•87 views

CVE-2020-1580

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

5.4CVSS6.1AI score0.00528EPSS

CVE•added 2021/10/13 1:15 a.m.•86 views

CVE-2021-40484

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS5.4AI score0.06439EPSS

CVE•added 2020/09/11 5:15 p.m.•85 views

CVE-2020-1200

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoin...

8.6CVSS8.6AI score0.01578EPSS

CVE•added 2020/09/11 5:15 p.m.•85 views

CVE-2020-1514

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoi...

5.4CVSS6.4AI score0.00416EPSS

CVE•added 2021/02/25 11:15 p.m.•85 views

CVE-2021-24071

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS5.7AI score0.08862EPSS

CVE•added 2019/10/10 2:15 p.m.•84 views

CVE-2019-1070

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

5.4CVSS5.2AI score0.0125EPSS

CVE•added 2019/03/06 12:0 a.m.•83 views

CVE-2019-0670

A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.

6.1CVSS7.4AI score0.00506EPSS

CVE•added 2020/04/15 3:15 p.m.•83 views

CVE-2020-0925

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0926...

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2020/04/15 3:15 p.m.•83 views

CVE-2020-0975

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977.

5.4CVSS5.3AI score0.00612EPSS

CVE•added 2020/05/21 11:15 p.m.•83 views

CVE-2020-1106

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101...

6.1CVSS5.1AI score0.01851EPSS

CVE•added 2020/06/09 8:15 p.m.•83 views

CVE-2020-1298

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297...

5.4CVSS5.1AI score0.00773EPSS

CVE•added 2020/09/11 5:15 p.m.•83 views

CVE-2020-1576

8.8CVSS8.6AI score0.00403EPSS

CVE•added 2022/09/13 7:15 p.m.•83 views

CVE-2022-38009

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.04734EPSS

CVE•added 2019/09/11 10:15 p.m.•82 views

CVE-2019-1296

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.

8.8CVSS8.8AI score0.38462EPSS

CVE•added 2019/11/12 7:15 p.m.•82 views

CVE-2019-1443

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The secu...

6.5CVSS5.8AI score0.15084EPSS

CVE•added 2020/06/09 8:15 p.m.•82 views

CVE-2020-1183

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1297, CVE-2020-1298...

5.4CVSS5.1AI score0.00773EPSS

CVE•added 2020/09/11 5:15 p.m.•82 views

CVE-2020-1482

6.3CVSS6.7AI score0.00438EPSS

CVE•added 2019/09/11 10:15 p.m.•81 views

CVE-2019-1257

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.

8.8CVSS8.8AI score0.38462EPSS

CVE•added 2020/04/15 3:15 p.m.•81 views

CVE-2020-0972

5.4CVSS5.3AI score0.00612EPSS

CVE•added 2020/05/21 11:15 p.m.•81 views

CVE-2020-1024

8.8CVSS8.3AI score0.46247EPSS

CVE•added 2019/04/09 9:29 p.m.•80 views

CVE-2019-0830

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0831.

5.4CVSS5AI score0.00578EPSS

CVE•added 2020/05/21 11:15 p.m.•80 views

CVE-2020-1101

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106...

5.4CVSS5.1AI score0.01851EPSS

CVE•added 2020/07/14 11:15 p.m.•80 views

CVE-2020-1443

5.4CVSS6.9AI score0.01514EPSS

CVE•added 2019/05/16 7:29 p.m.•79 views

CVE-2019-0951

5.4CVSS5.4AI score0.07161EPSS

CVE•added 2022/09/13 7:15 p.m.•79 views

CVE-2022-38008

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.04734EPSS

CVE•added 2014/05/14 11:13 a.m.•78 views

CVE-2014-1754

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.3CVSS4.9AI score0.1316EPSS

CVE•added 2019/05/16 7:29 p.m.•78 views

CVE-2019-0958

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957.

8.8CVSS8.4AI score0.09363EPSS

CVE•added 2020/05/21 11:15 p.m.•78 views

CVE-2020-1104

5.4CVSS5.4AI score0.00675EPSS

CVE•added 2022/09/13 7:15 p.m.•78 views

CVE-2022-35823

Microsoft SharePoint Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.36344EPSS

CVE•added 2019/05/16 7:29 p.m.•77 views

CVE-2019-0950

5.7CVSS5.4AI score0.07161EPSS

CVE•added 2020/05/21 11:15 p.m.•77 views

CVE-2020-1105

5.4CVSS5.4AI score0.00675EPSS

CVE•added 2020/09/11 5:15 p.m.•77 views

CVE-2020-1575

5.4CVSS6.1AI score0.0043EPSS

CVE•added 2021/12/15 3:15 p.m.•77 views

CVE-2021-43242

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS6.4AI score0.00826EPSS

CVE•added 2010/09/17 6:0 p.m.•76 views

CVE-2010-3324

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting ...

4.3CVSS7.4AI score0.44933EPSS

CVE•added 2018/01/10 1:29 a.m.•76 views

CVE-2018-0790

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789.

8.8CVSS8.5AI score0.14659EPSS

CVE•added 2018/11/14 1:29 a.m.•76 views

CVE-2018-8568

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoin...

5.4CVSS6.3AI score0.00427EPSS

CVE•added 2019/06/12 2:29 p.m.•76 views

CVE-2019-1033

5.4CVSS5.1AI score0.00528EPSS

CVE•added 2019/10/10 2:15 p.m.•76 views

CVE-2019-1330

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.

6.5CVSS5.8AI score0.12558EPSS

CVE•added 2017/09/13 1:29 a.m.•75 views

CVE-2017-8745

An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability".

5.4CVSS5.7AI score0.01286EPSS

CVE•added 2019/05/16 7:29 p.m.•75 views

CVE-2019-0952

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

8.8CVSS8.9AI score0.37197EPSS

CVE•added 2019/10/10 2:15 p.m.•75 views

CVE-2019-1329

5.4CVSS5.9AI score0.12558EPSS

CVE•added 2020/06/09 8:15 p.m.•75 views

CVE-2020-1318

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297...

5.4CVSS5.1AI score0.00773EPSS

CVE•added 2015/05/13 10:59 a.m.•74 views

CVE-2015-1682

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word...

9.3CVSS7.4AI score0.28203EPSS

CVE•added 2016/04/12 11:59 p.m.•74 views

CVE-2016-0136

Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerabili...

9.3CVSS7.8AI score0.40637EPSS

CVE•added 2019/05/16 7:29 p.m.•73 views

CVE-2019-0956

An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.

6.5CVSS6.2AI score0.10949EPSS

CVE•added 2021/12/15 3:15 p.m.•73 views

CVE-2021-42294

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.8AI score0.00685EPSS

CVE•added 2014/05/14 11:13 a.m.•72 views

CVE-2014-0251

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gol...

9CVSS7.2AI score0.15421EPSS

CVE•added 2017/03/17 12:59 a.m.•72 views

CVE-2017-0107

Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability."

6.1CVSS5.5AI score0.02318EPSS

CVE•added 2015/03/11 10:59 a.m.•70 views

CVE-2015-0085

Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer,...

9.3CVSS7.4AI score0.34099EPSS

Total number of security vulnerabilities230