CVE-2015-6117
published 2016-01-13CVE-2015-6117: Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulnerability than CVE-2016-0011.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | sharepoint_foundation | — | — |
| microsoft | sharepoint_server | — | — |
| msrc | microsoft_sharepoint_foundation_2013 | — | — |
| msrc | microsoft_sharepoint_foundation_2013_service_pack_1 | — | — |
| msrc | microsoft_sharepoint_online | — | — |
| msrc | microsoft_sharepoint_server_2013 | — | — |
| msrc | microsoft_sharepoint_server_2013_service_pack_1 | — | — |