CVE-2017-11820 — Cross-site Scripting in Corporation Microsoft Sharepoint Enterprise Server
Severity
5.4MEDIUMNVD
EPSS
0.9%
top 25.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 13
Latest updateMay 17
Description
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7
Affected Packages2 packages
▶CVEListV5microsoft_corporation/microsoft_sharepoint_enterprise_serverMicrosoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016
Patches
🔴Vulnerability Details
6GHSA▶
GHSA-389r-v5pg-54r7: Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (X↗2022-05-17
GHSA▶
GHSA-557j-q8f6-hw9g: Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (X↗2022-05-17
GHSA▶
GHSA-g5mf-9jgg-r5w7: Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (X↗2022-05-17
CVEList▶
CVE-2017-11820: Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (X↗2017-10-13
CVEList▶
CVE-2017-11777: Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (X↗2017-10-13