Vulnerabilities > Microsoft > Sharepoint Foundation

DATE CVE VULNERABILITY TITLE RISK
2020-07-14 CVE-2020-1439 Deserialization of Untrusted Data vulnerability in Microsoft products
A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-502
8.8
8.8
2020-07-14 CVE-2020-1025 Improper Input Validation vulnerability in Microsoft products
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation.
network
low complexity
microsoft CWE-20
critical
 9.8
9.8
2020-06-09 CVE-2020-1320 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2020-06-09 CVE-2020-1318 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2020-06-09 CVE-2020-1298 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2020-06-09 CVE-2020-1297 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2020-06-09 CVE-2020-1289 Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation 2010
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2020-06-09 CVE-2020-1183 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2020-06-09 CVE-2020-1181 Unspecified vulnerability in Microsoft products
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
network
low complexity
microsoft
8.8
8.8
2020-06-09 CVE-2020-1177 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4