CVE-2015-1636 — Cross-site Scripting in Microsoft Sharepoint Foundation

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

3.5LOWNVD

EPSS

7.9%

top 7.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Sharepoint Foundation Microsoft Sharepoint Server

Timeline

PublishedMar 11

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_server2013

▶NVDmicrosoft/sharepoint_foundation2013

🔴Vulnerability Details

GHSA

GHSA-h55j-hrr3-7qcw: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote au↗2022-05-14

▶

CVEList

CVE-2015-1636: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote au↗2015-03-11

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched↗2015-03-10

▶

Talos

Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched↗2015-03-10

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 03-10-2015↗

▶

💬Community

Bugzilla

CVE-2018-1000116 net-snmp: Heap corruption in snmp_pdu_parse function in snmplib/snmp_api.c↗2018-03-07

▶