Vulnerability in Microsoft Sharepoint

CVE-2018-8426

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affec…

EPSS: 0.009 (76.1th percentile) — read the EPSS interpretation.

Affected products

Microsoft Sharepoint — versions Enterprise Server 2013 Service Pack 1, Enterprise Server 2016
Microsoft Sharepoint Server — versions 2010 Service Pack 2

References

105208 (vdb-entry, x_refsource_BID)
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8426 (x_refsource_CONFIRM)
1041640 (vdb-entry, x_refsource_SECTRACK)