CVE-2017-8569 — Cross-site Scripting in Corporation Microsoft Sharepoint Enterprise Server 2016

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

8.8HIGHNVD

EPSS

14.5%

top 5.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server

Timeline

PublishedJul 11

Latest updateMay 13

Description

Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_server2016

▶CVEListV5microsoft_corporation/microsoft_sharepoint_enterprise_server_2016Microsoft SharePoint Enterprise Server 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-hq49-pqh6-q532: Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affe↗2022-05-13

▶

CVEList

CVE-2017-8569: Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affe↗2017-07-11

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Elevation of Privilege Vulnerability↗2017-07-11

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - July 2017↗2017-07-11

▶