CVE-2018-0917 — Cross-site Scripting in Corporation Microsoft Sharepoint

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

8.8HIGHNVD

EPSS

9.9%

top 6.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Sharepoint Microsoft Sharepoint Enterprise Server

Timeline

PublishedMar 14

Latest updateMay 13

Description

Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_enterprise_server2016

▶CVEListV5microsoft_corporation/microsoft_sharepointMicrosoft SharePoint Enterprise Server 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-r7gq-p7qv-9889: Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, ak↗2022-05-13

▶

CVEList

CVE-2018-0917: Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, ak↗2018-03-14

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Elevation of Privilege Vulnerability↗2018-03-13

▶