Vulnerabilities > Microsoft > Sharepoint Foundation > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-10 CVE-2018-0790 Unspecified vulnerability in Microsoft products
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
network
low complexity
microsoft
6.5
6.5
2017-03-17 CVE-2017-0107 Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation 2013
Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability."
network
microsoft CWE-79
4.3
4.3
2016-02-10 CVE-2016-0039 Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation 2013
Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
network
microsoft CWE-79
4.3
4.3
2016-01-13 CVE-2015-6117 Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server
Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulnerability than CVE-2016-0011.
network
microsoft CWE-79
4.3
4.3
2015-05-13 CVE-2015-1700 Improper Input Validation vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server
Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."
network
microsoft CWE-20
6.0
6.0
2015-04-14 CVE-2015-1653 Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
network
microsoft CWE-79
4.3
4.3
2014-11-11 CVE-2014-4116 Cross-Site Scripting vulnerability in Microsoft Sharepoint Foundation 2010
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."
network
microsoft CWE-79
4.3
4.3
2014-05-14 CVE-2014-1754 Cross-Site Scripting vulnerability in Microsoft products
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
network
microsoft CWE-79
4.3
4.3
2013-09-11 CVE-2013-3180 Cross-Site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."
network
microsoft CWE-79
4.3
4.3
2013-09-11 CVE-2013-3179 Cross-Site Scripting vulnerability in Microsoft products
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
network
microsoft CWE-79
4.3
4.3