CVE-2018-0864Cross-site Scripting in Microsoft Sharepoint Server

CWE-79Cross-site Scripting6 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
1.4%
top 19.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Sharepoint Server
Timeline
PublishedFeb 15
Latest updateMay 14

Description

SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

NVDmicrosoft/sharepoint_server2013, 2016+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-m3xj-hgvj-xq3h: SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled2022-05-14
CVEList
CVE-2018-0864: SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled2018-02-15

📋Vendor Advisories

1
Microsoft
Microsoft SharePoint Elevation of Privilege Vulnerability2018-02-13

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - February 20182018-02-13
Talos
Microsoft Patch Tuesday - February 20182018-02-13
CVE-2018-0864 — Cross-site Scripting in Microsoft | cvebase