CVE-2018-0799 — Cross-site Scripting in Corporation Microsoft Access

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.8%

top 26.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Access Microsoft Sharepoint Enterprise Server

Timeline

PublishedJan 10

Latest updateMay 14

Description

Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_enterprise_server2013, 2016+1

▶CVEListV5microsoft_corporation/microsoft_accessMicrosoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-hg9c-qg74-469r: Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vu↗2022-05-14

▶

CVEList

CVE-2018-0799: Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vu↗2018-01-10

▶

📋Vendor Advisories

Microsoft

Microsoft Access Tampering Vulnerability↗2018-01-09

▶