CVE-2014-4116 — Cross-site Scripting in Microsoft Sharepoint Foundation
Severity
4.3MEDIUMNVD
EPSS
12.3%
top 6.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 11
Latest updateMay 14
Description
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-mh5r-j3qx-g2vw: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script↗2022-05-14
CVEList▶
CVE-2014-4116: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script↗2014-11-11