CVE-2017-8629 — Cross-site Scripting in Corporation Microsoft Sharepoint Server

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.9%

top 24.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Sharepoint Server Microsoft Sharepoint Server

Timeline

PublishedSep 13

Latest updateMay 17

Description

Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_server2013

▶CVEListV5microsoft_corporation/microsoft_sharepoint_serverMicrosoft SharePoint Server 2013 Service Pack 1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-rgvr-75f6-hq78: Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted↗2022-05-17

▶

CVEList

CVE-2017-8629: Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted↗2017-09-13

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Elevation of Privilege Vulnerability↗2017-09-12

▶

💬Community

Bugzilla

CVE-2016-8629 keycloak: user deletion via incorrect permissions check↗2016-10-26

▶