Sharepoint Server Security Vulnerabilities and Issues — Page 2 of Sharepoint Server CVE List

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".

9.3CVSS8.2AI score0.44732EPSS

CVE•added 2020/05/21 11:15 p.m.•167 views

CVE-2020-1102

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024.

8.8CVSS8.3AI score0.46247EPSS

CVE•added 2023/05/09 6:15 p.m.•167 views

CVE-2023-24950

Microsoft SharePoint Server Spoofing Vulnerability

6.5CVSS6.5AI score0.33241EPSS

CVE•added 2020/04/15 3:15 p.m.•166 views

CVE-2020-0927

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925...

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2011/09/15 12:26 p.m.•165 views

CVE-2011-0653

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."

4.3CVSS5.5AI score0.47875EPSS

CVE•added 2021/08/12 6:15 p.m.•164 views

CVE-2021-36940

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS5.5AI score0.00973EPSS

CVE•added 2023/04/11 9:15 p.m.•162 views

CVE-2023-28288

Microsoft SharePoint Server Spoofing Vulnerability

8.1CVSS7.8AI score0.07487EPSS

CVE•added 2012/07/10 9:55 p.m.•160 views

CVE-2012-1863

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint R...

4.3CVSS5.4AI score0.61898EPSS

CVE•added 2021/07/14 6:15 p.m.•160 views

CVE-2021-34520

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.1AI score0.04801EPSS

CVE•added 2021/07/16 9:15 p.m.•158 views

CVE-2021-34467

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS7.5AI score0.01937EPSS

CVE•added 2021/07/14 6:15 p.m.•157 views

CVE-2021-34468

Microsoft SharePoint Server Remote Code Execution Vulnerability

8CVSS7.5AI score0.01861EPSS

CVE•added 2019/08/14 9:15 p.m.•155 views

CVE-2019-1201

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then...

9.3CVSS7.8AI score0.12398EPSS

CVE•added 2013/01/09 6:9 p.m.•154 views

CVE-2013-0007

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

9.3CVSS7.5AI score0.26376EPSS

CVE•added 2022/04/15 7:15 p.m.•154 views

CVE-2022-24472

Microsoft SharePoint Server Spoofing Vulnerability

8CVSS6.3AI score0.08455EPSS

CVE•added 2020/10/16 11:15 p.m.•153 views

CVE-2020-16945

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

8.7CVSS7.5AI score0.00452EPSS

CVE•added 2022/01/11 9:15 p.m.•152 views

CVE-2022-21840

Microsoft Office Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.09199EPSS

CVE•added 2021/03/11 4:15 p.m.•151 views

CVE-2021-24104

Microsoft SharePoint Server Spoofing Vulnerability

5.8CVSS4.9AI score0.00618EPSS

CVE•added 2021/06/08 11:15 p.m.•148 views

CVE-2021-26420

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS7.2AI score0.0542EPSS

CVE•added 2022/01/11 9:15 p.m.•148 views

CVE-2022-21842

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.01897EPSS

CVE•added 2012/07/10 9:55 p.m.•147 views

CVE-2012-1859

Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "...

4.3CVSS5.6AI score0.61898EPSS

CVE•added 2013/09/11 2:3 p.m.•146 views

CVE-2013-3848

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corrupti...

9.3CVSS7.5AI score0.61623EPSS

CVE•added 2020/12/10 12:15 a.m.•146 views

CVE-2020-17118

Microsoft SharePoint Remote Code Execution Vulnerability

10CVSS8.4AI score0.11171EPSS

CVE•added 2007/05/09 9:19 p.m.•145 views

CVE-2007-2581

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default....

4.3CVSS5.7AI score0.73346EPSS

CVE•added 2021/04/13 8:15 p.m.•145 views

CVE-2021-28453

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.0241EPSS

CVE•added 2016/06/16 1:59 a.m.•143 views

CVE-2016-0025

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Offi...

9.3CVSS7.2AI score0.2879EPSS

CVE•added 2023/01/10 10:15 p.m.•142 views

CVE-2023-21744

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.02247EPSS

CVE•added 2013/09/11 2:3 p.m.•140 views

CVE-2013-1330

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC D...

10CVSS7.4AI score0.67297EPSS

CVE•added 2021/03/11 4:15 p.m.•140 views

CVE-2021-27076

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.09034EPSS

CVE•added 2013/03/13 12:55 a.m.•138 views

CVE-2013-0084

Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."

7.5CVSS6.5AI score0.28777EPSS

CVE•added 2021/06/08 11:15 p.m.•138 views

CVE-2021-31966

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.2AI score0.13101EPSS

CVE•added 2021/05/11 7:15 p.m.•137 views

CVE-2021-26418

Microsoft SharePoint Server Spoofing Vulnerability

7.1CVSS5.2AI score0.00773EPSS

CVE•added 2021/05/11 7:15 p.m.•137 views

CVE-2021-31172

Microsoft SharePoint Server Spoofing Vulnerability

7.1CVSS6.8AI score0.04736EPSS

CVE•added 2021/01/12 8:15 p.m.•136 views

CVE-2021-1715

Microsoft Word Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.0208EPSS

CVE•added 2021/07/14 6:15 p.m.•136 views

CVE-2021-34519

Microsoft SharePoint Server Information Disclosure Vulnerability

5.3CVSS5.2AI score0.01132EPSS

CVE•added 2020/12/10 12:15 a.m.•134 views

CVE-2020-17122

Microsoft Excel Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.06001EPSS

CVE•added 2013/09/11 2:3 p.m.•133 views

CVE-2013-1315

Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS7.6AI score0.69342EPSS

CVE•added 2020/03/12 4:15 p.m.•133 views

CVE-2020-0850

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.

8.8CVSS7.9AI score0.33652EPSS

CVE•added 2020/09/11 5:15 p.m.•133 views

CVE-2020-1198

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

7.4CVSS7AI score0.00518EPSS

CVE•added 2021/05/11 7:15 p.m.•133 views

CVE-2021-31173

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5CVSS5.6AI score0.02944EPSS

CVE•added 2024/04/09 5:15 p.m.•133 views

CVE-2024-26251

Microsoft SharePoint Server Spoofing Vulnerability

6.8CVSS8.8AI score0.00399EPSS

CVE•added 2020/12/10 12:15 a.m.•132 views

CVE-2020-17121

Microsoft SharePoint Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.13285EPSS

CVE•added 2013/09/11 2:3 p.m.•131 views

CVE-2013-0081

Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."

5CVSS6.4AI score0.60252EPSS

CVE•added 2020/06/09 8:15 p.m.•131 views

CVE-2020-1148

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1289.

5.4CVSS5.7AI score0.00605EPSS

CVE•added 2020/08/17 7:15 p.m.•131 views

CVE-2020-1583

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...

8.8CVSS8AI score0.18011EPSS

CVE•added 2021/06/08 11:15 p.m.•131 views

CVE-2021-31963

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS7.2AI score0.05703EPSS

CVE•added 2012/07/10 9:55 p.m.•130 views

CVE-2012-1861

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script i...

4.3CVSS5.6AI score0.55935EPSS

CVE•added 2013/03/13 12:55 a.m.•130 views

CVE-2013-0080

Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."

7.5CVSS6.5AI score0.41937EPSS

Total number of security vulnerabilities460