sharepoint foundation · threatengine.sh

Home/Product/microsoft sharepoint foundation

Product

microsoft sharepoint foundation

226 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Microsoft Word Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Security Feature Bypass Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Information Disclosure Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Denial of Service Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Information Disclosure Vulnerability

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Tampering Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Elevation of Privilege Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint Information Disclosure Vulnerability

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Elevation of Privilege Vulnerability

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint Information Disclosure Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Information Disclosure Vulnerability

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an a

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an a

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially craft

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially craft

<p>This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected Share

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when

<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data inpu

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an a

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially craft

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially craft

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially craft

<p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsaf

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an a

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an a

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially craft

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially craft

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an a

<p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an a

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially craft

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An att

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check t

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OA

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe A

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulne

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe A

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an appl

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an appl

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an appl

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an appl

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an appl

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an appl

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an appl

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoi

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoi

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the Sh

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerabi

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input,

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input,

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting i

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerabi

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting i

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an appl

An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), all

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web

An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe A

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted

A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an appl

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an appl

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framewo

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of

An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sa

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Offi

Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a speci

Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local securit

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac

Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel S

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, O

Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers

Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access

Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote

Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject a

Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 S

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Found

Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Ex

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject a

Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Fou

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Wo

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to injec

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attacke

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Off

Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2

Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process una

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 20

Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obt

Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a deni

Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attacke

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web s

Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restriction

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1

Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundatio

Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint

Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint F

Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attac

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2,

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2

Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and

Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 201

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010,

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin