CVE-2018-0947 — Cross-site Scripting in Corporation Microsoft Sharepoint

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

8.8HIGHNVD

EPSS

9.9%

top 6.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Sharepoint Microsoft Sharepoint Enterprise Server

Timeline

PublishedMar 14

Latest updateMay 13

Description

Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0944.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_enterprise_server2013, 2016+1

▶CVEListV5microsoft_corporation/microsoft_sharepointMicrosoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-8qgr-r873-jgmf: Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how spec↗2022-05-13

▶

CVEList

CVE-2018-0947: Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how spec↗2018-03-14

▶

📋Vendor Advisories

Microsoft

Microsoft Sharepoint Elevation of Privilege Vulnerability↗2018-03-13

▶