CVE-2016-0039

Description

Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka Microsoft SharePoint XSS Vulnerability.

Risk Information

Base Score: 6.1 MODERATE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 1.457

Associated Vulnerability

Vulnerability | OS Platform
Security Update for Microsoft Office 2007 suites (KB3114742) | Windows
Security Update for Microsoft Office Excel 2007 (KB3114741) | Windows
Security Update for Microsoft Office Word 2007 (KB3114748) | Windows
Security Update for Microsoft Office 2010 (KB3114752) 32-Bit Edition | Windows
Security Update for Microsoft Office 2010 (KB3114752) 64-Bit Edition | Windows
Security Update for Microsoft Excel 2010 (KB3114759) 32-Bit Edition | Windows
Security Update for Microsoft Excel 2010 (KB3114759) 64-Bit Edition | Windows
Security Update for Microsoft Word 2010 (KB3114755) 32-Bit Edition | Windows
Security Update for Microsoft Word 2010 (KB3114755) 64-Bit Edition | Windows
Security Update for Microsoft Excel 2013 (KB3114734) 32-Bit Edition | Windows
Security Update for Microsoft Excel 2013 (KB3114734) 64-Bit Edition | Windows
Security Update for Microsoft Word 2013 (KB3114724) 32-Bit Edition | Windows
Security Update for Microsoft Word 2013 (KB3114724) 64-Bit Edition | Windows
Security Update for Microsoft Excel 2016 (KB3114698) 32-Bit Edition | Windows
Security Update for Microsoft Excel 2016 (KB3114698) 64-Bit Edition | Windows
Security Update for Microsoft Word 2016 (KB3114702) 32-Bit Edition | Windows
Security Update for Microsoft Word 2016 (KB3114702) 64-Bit Edition | Windows
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114548) | Windows
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114745) | Windows
Security Update for Microsoft Office Excel Viewer 2007 (KB3114747) | Windows
Security Update for Word Viewer (KB3114773) | Windows
Security Update for Microsoft SharePoint Enterprise Server 2013 (KB3039768) | Windows
Security Update for Microsoft SharePoint Enterprise Server 2013 (KB3114335) | Windows
Security Update for Microsoft SharePoint Foundation 2013 (KB3114733) | Windows
Microsoft Office XSS Elevation of Privilege Vulnerability for Microsoft Excel Web App (KB3101522) | Windows

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-20052 | Security Update for Microsoft Office Excel 2007 (KB3114741)
PATCH-20053 | Security Update for Microsoft Office Word 2007 (KB3114748)
PATCH-20054 | Security Update for Microsoft Office 2010 (KB3114752) 32-Bit Edition
PATCH-20055 | Security Update for Microsoft Office 2010 (KB3114752) 64-Bit Edition
PATCH-20056 | Security Update for Microsoft Excel 2010 (KB3114759) 32-Bit Edition
PATCH-20057 | Security Update for Microsoft Excel 2010 (KB3114759) 64-Bit Edition
PATCH-20058 | Security Update for Microsoft Word 2010 (KB3114755) 32-Bit Edition
PATCH-20060 | Security Update for Microsoft Excel 2013 (KB3114734) 32-Bit Edition
PATCH-20061 | Security Update for Microsoft Excel 2013 (KB3114734) 64-Bit Edition
PATCH-20062 | Security Update for Microsoft Word 2013 (KB3114724) 32-Bit Edition
PATCH-20063 | Security Update for Microsoft Word 2013 (KB3114724) 64-Bit Edition
PATCH-20064 | Security Update for Microsoft Excel 2016 (KB3114698) 32-Bit Edition
PATCH-20065 | Security Update for Microsoft Excel 2016 (KB3114698) 64-Bit Edition
PATCH-20066 | Security Update for Microsoft Word 2016 (KB3114702) 32-Bit Edition
PATCH-20067 | Security Update for Microsoft Word 2016 (KB3114702) 64-Bit Edition
PATCH-20069 | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114745)
PATCH-20070 | Security Update for Microsoft Office Excel Viewer 2007 (KB3114747)
PATCH-20071 | Security Update for Word Viewer (KB3114773)
PATCH-20072 | Security Update for Microsoft SharePoint Enterprise Server 2013 (KB3039768)
PATCH-20073 | Security Update for Microsoft SharePoint Enterprise Server 2013 (KB3114335)
PATCH-22185 | Security Update for Microsoft Excel Web App (KB3101522)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234