CVE-2016-0011: Cross-site Scripting in Microsoft SharePoint Foundation

CWE-79: Cross-site Scripting | 10 documents | 6 sources
Severity
6.1 MEDIUM NVD
NVD 5.4
EPSS
1.2%
top 21.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 13
Latest update: May 14

Description

Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulnerability than CVE-2015-6117.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages: 2 packages

🔴 Vulnerability Details

4
GHSA
GHSA-jxpv-fgvw-ffh8: Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy rest… (2022-05-14)
GHSA
GHSA-rmv4-6hfh-r5w5: Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy rest… (2022-05-14)
CVEList
CVE-2016-0011: Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy rest… (2016-01-13)
CVEList
CVE-2015-6117: Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy rest… (2016-01-13)

💥 Exploits & PoCs

1
Exploit-DB
BMC BladeLogic 8.3.00.64 - Remote Command Execution (2018-01-26)

📋 Vendor Advisories

1
Microsoft
CVE-2016-0011: Impact: Security Feature Bypass. Exploit Status: Publicly Disclosed: No; Exploited: No (2016-01-12)

🕵️ Threat Intelligence

2
Talos
Microsoft Patch Tuesday - January 2016 (2016-01-12)
Talos
Microsoft Patch Tuesday - January 2016 (2016-01-12)
CVE-2016-0011 — Cross-site Scripting in Microsoft | cvebase