CVE-2017-8514 — Cross-site Scripting in Corporation Microsoft Sharepoint

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.7%

top 28.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Sharepoint Microsoft Sharepoint Enterprise Server

Timeline

PublishedJun 15

Latest updateMay 14

Description

An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_enterprise_server2016

▶CVEListV5microsoft_corporation/microsoft_sharepointMicrosoft SharePoint Enterprise Server 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-66w4-rgqr-wwr6: An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Micros↗2022-05-14

▶

CVEList

CVE-2017-8514: An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Micros↗2017-06-15

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible SharePoint XSS (CVE-2017-8514) Inbound↗2017-06-19

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Reflective XSS Vulnerability↗2017-06-13

▶