XSS in Microsoft Sharepoint_foundation

CVE-2015-1636

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Micr…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.079 (92.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Sharepoint_foundation — versions 2013
Microsoft Sharepoint_server — versions 2013
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

MS15-022 (x_refsource_MS, vendor-advisory)
1031895 (vdb-entry, x_refsource_SECTRACK)