CVE-2018-8299

CWE-79 — Cross-site Scripting (XSS)6 documents5 sources

Severity

5.4MEDIUM

EPSS

0.8%

top 26.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Sharepoint Microsoft Sharepoint Enterprise Server Microsoft Sharepoint Foundation

Timeline

PublishedJul 11

Latest updateMay 14

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDmicrosoft/sharepoint_enterprise_server2013, 2016+1

▶CVEListV5microsoft/microsoft_sharepointEnterprise Server 2013 Service Pack 1, Enterprise Server 2016, Foundation 2013 Service Pack 1+2

▶NVDmicrosoft/sharepoint_foundation2013

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-63pf-mxwv-9gjv: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affec↗2022-05-14

▶

CVEList

CVE-2018-8299: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affec↗2018-07-11

▶

💥Exploits & PoCs

Exploit-DB

OpenCMS 10.5.3 - Cross-Site Request Forgery↗2018-04-02

▶

Exploit-DB

OpenCMS 10.5.3 - Cross-Site Scripting↗2018-04-02

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Elevation of Privilege Vulnerability↗2018-07-10

▶