CVE-2015-2522 — Cross-site Scripting in Microsoft Sharepoint Foundation

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

3.5LOWNVD

EPSS

8.6%

top 7.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Sharepoint Foundation

Timeline

PublishedSep 9

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka "Microsoft SharePoint XSS Spoofing Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/sharepoint_foundation2013

🔴Vulnerability Details

GHSA

GHSA-vrqf-gjgv-jp9f: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script↗2022-05-14

▶

CVEList

CVE-2015-2522: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script↗2015-09-09

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - September 2015↗2015-09-08

▶

Talos

Microsoft Patch Tuesday - September 2015↗2015-09-08

▶

💬Community

Bugzilla

CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion↗2016-01-25

▶