CVE-2015-1633 — Cross-site Scripting in Microsoft Sharepoint Foundation

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

3.5LOWNVD

EPSS

7.9%

top 7.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Sharepoint Foundation Microsoft Sharepoint Server

Timeline

PublishedMar 11

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_server2010, 2013+1

▶NVDmicrosoft/sharepoint_foundation2010, 2013+1

🔴Vulnerability Details

GHSA

GHSA-wqrh-4ff2-5vpc: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and↗2022-05-14

▶

CVEList

CVE-2015-1633: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and↗2015-03-11

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched↗2015-03-10

▶

Talos

Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched↗2015-03-10

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 03-10-2015↗

▶