Main Vulnerability Database Vulnerabilities #VU11736

Cross-site scripting in Microsoft SharePoint Server - CVE-2018-1014

Published: April 10, 2018 / Updated: April 10, 2018

Vulnerability identifier: #VU11736

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-1014

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft SharePoint Server

Detailed vulnerability description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability requires that the victim does not have Silverlight installed on the system.

How to mitigate CVE-2018-1014

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1014

Cross-site scripting in Microsoft SharePoint Server - CVE-2018-1014

Detailed vulnerability description

How to mitigate CVE-2018-1014

Sources

Please verify you're human