CVE-2015-6039Cross-site Scripting in Microsoft Sharepoint Foundation

CWE-79Cross-site Scripting5 documents4 sources
Severity
3.5LOWNVD
EPSS
6.6%
top 8.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Sharepoint FoundationMicrosoft Sharepoint Server
Timeline
PublishedOct 14
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security Feature Bypass Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-8cxj-j2xx-w787: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users2022-05-14
CVEList
CVE-2015-6039: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users2015-10-14

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - October 20152015-10-13
Talos
Microsoft Patch Tuesday - October 20152015-10-13
CVE-2015-6039 — Cross-site Scripting in Microsoft | cvebase