Vulnerabilities > Microsoft > Sharepoint Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-11 | CVE-2019-1296 | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 8.8 |
| 2019-09-11 | CVE-2019-1295 | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 8.8 |
| 2019-09-11 | CVE-2019-1261 | Cross-Site Request Forgery (CSRF) vulnerability in Microsoft products A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. | 8.8 |
| 2019-09-11 | CVE-2019-1260 | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. | 6.5 |
| 2019-09-11 | CVE-2019-1257 | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 8.8 |
| 2019-08-14 | CVE-2019-1205 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. | 7.8 |
| 2019-08-14 | CVE-2019-1203 | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. | 5.4 |
| 2019-08-14 | CVE-2019-1202 | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. | 4.4 |
| 2019-08-14 | CVE-2019-1201 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. | 7.8 |
| 2019-07-15 | CVE-2019-1134 | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |