Vulnerabilities > Microsoft > Sharepoint Enterprise Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-13 CVE-2018-8428 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-07-11 CVE-2018-8323 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-07-11 CVE-2018-8299 Cross-site Scripting vulnerability in Microsoft products
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-04-12 CVE-2018-1034 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2016
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-04-12 CVE-2018-1032 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2010/2013/2016
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-04-12 CVE-2018-1014 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-04-12 CVE-2018-1005 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-02-15 CVE-2018-0869 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2016
SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
network
low complexity
microsoft CWE-79
5.4
5.4
2018-01-10 CVE-2018-0799 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability".
network
low complexity
microsoft CWE-79
6.1
6.1
2017-10-13 CVE-2017-11820 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability".
network
low complexity
microsoft CWE-79
5.4
5.4