CVE-2018-0913

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

8.8HIGH

EPSS

9.9%

top 6.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Sharepoint Microsoft Project Server Microsoft Sharepoint Enterprise Server

Timeline

PublishedMar 14

Latest updateMay 13

Description

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDmicrosoft/sharepoint_enterprise_server2016

▶NVDmicrosoft/project_server2013

▶CVEListV5microsoft_corporation/microsoft_sharepointMicrosoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-mgj8-8wcp-4jw2: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially c↗2022-05-13

▶

CVEList

CVE-2018-0913: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially c↗2018-03-14

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Elevation of Privilege Vulnerability↗2018-03-13

▶

💬Community

Bugzilla

CVE-2018-1063 policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead↗2018-02-28

▶