CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-1576 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1576
11 Sep 2020 —
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.
The security update add... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576 • CWE-494: Download of Code Without Integrity Check •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1482 – Microsoft Office SharePoint XSS Vulnerability
https://notcve.org/view.php?id=CVE-2020-1482
11 Sep 2020 —
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attac... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1482 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 1%CPEs: 5EXPL: 0CVE-2020-1453 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1453
11 Sep 2020 —
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.
The security update add... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453 • CWE-494: Download of Code Without Integrity Check •
CVSS: 8.8EPSS: 4%CPEs: 5EXPL: 0CVE-2020-1460 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1460
11 Sep 2020 —
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process.
To exploit the vulnerability, an authenticated user must create and invoke a specially crafted page on an affected version of Microsoft SharePoint Server.
... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460 •CVSS: 8.6EPSS: 2%CPEs: 5EXPL: 0CVE-2020-1452 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1452
11 Sep 2020 —
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.
The security update add... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452 • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1345 – Microsoft Office SharePoint XSS Vulnerability
https://notcve.org/view.php?id=CVE-2020-1345
11 Sep 2020 —
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attac... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1345 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 1%CPEs: 4EXPL: 0CVE-2020-1205 – Microsoft SharePoint Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2020-1205
11 Sep 2020 —
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow t... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1205 •
CVSS: 9.9EPSS: 2%CPEs: 5EXPL: 0CVE-2020-1210 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1210
11 Sep 2020 —
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.
The security update add... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210 • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1198 – Microsoft Office SharePoint XSS Vulnerability
https://notcve.org/view.php?id=CVE-2020-1198
11 Sep 2020 —
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attac... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1198 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 1%CPEs: 4EXPL: 0CVE-2020-1200 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1200
11 Sep 2020 —
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.
The security update add... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200 • CWE-494: Download of Code Without Integrity Check •