CVE-2026-20945: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform…

medium5.4CVSS 3.1

AVNACLPRLUIRSCCLILAN

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Affected

6 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_sharepoint_enterprise_server_2016	>= 16.0.0 < 16.0.5548.1003	16.0.5548.1003
microsoft	microsoft_sharepoint_server_2019	>= 16.0.0 < 16.0.10417.20114	16.0.10417.20114
microsoft	microsoft_sharepoint_server_subscription_edition	>= 16.0.0 < 16.0.19725.20210	16.0.19725.20210
microsoft	sharepoint_server	< 16.0.19725.20210	16.0.19725.20210
microsoft	sharepoint_server	—	—
microsoft	sharepoint_server	—	—