Cross-Site Scripting Vulnerability in Microsoft SharePoint Enterprise Server
CVE-2018-0799

6.1MEDIUM

Key Information:

Vendor
Microsoft
Status
Microsoft Access
Vendor
CVE Published:
10 January 2018

Summary

A cross-site scripting vulnerability exists in Microsoft Access when it improperly handles image field values in Microsoft SharePoint Enterprise Server 2013 and 2016. An attacker who successfully exploits this vulnerability could inject malicious script content into web pages viewed by users, potentially leading to unauthorized access to sensitive information or performing actions on behalf of unsuspecting users.

Affected Version(s)

Microsoft Access Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102411
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040157
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.