CVE-2017-8551

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.9%

top 24.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Sharepoint Microsoft Project Server

Timeline

PublishedJun 15

Latest updateMay 14

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5microsoft_corporation/microsoft_sharepointMicrosoft Project Server 2013 Service Pack 1

▶NVDmicrosoft/project_server2013

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-8cr9-r7p7-cphf: An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Micros↗2022-05-14

▶

CVEList

CVE-2017-8551: An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Micros↗2017-06-15

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Elevation of Privilege Vulnerability↗2017-06-13

▶