CVE-2026-20959: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform…

medium5.4CVSS 3.1

AVNACLPRLUIRSCCLILAN

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Affected

9 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_sharepoint_enterprise_server_2016	>= 16.0.0 < 16.0.5535.1001	16.0.5535.1001
microsoft	microsoft_sharepoint_server_2019	>= 16.0.0 < 16.0.10417.20083	16.0.10417.20083
microsoft	microsoft_sharepoint_server_subscription_edition	>= 16.0.0 < 16.0.19127.20442	16.0.19127.20442
microsoft	sharepoint_server	< 16.0.19127.20442	16.0.19127.20442
microsoft	sharepoint_server	—	—
microsoft	sharepoint_server	—	—
msrc	microsoft_sharepoint_enterprise_server_2016	—	—
msrc	microsoft_sharepoint_server_2019	—	—
msrc	microsoft_sharepoint_server_subscription_edition	—	—