Microsoft Sharepoint Enterprise Server — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Sharepoint Enterprise Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2020-1210 — CVSS 9.9 (critical): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2020-1595 — CVSS 9.9 (critical): <p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An…
CVE-2020-1025 — CVSS 9.8 (critical): An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token…
CVE-2020-1023 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-0971 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-0974 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2025-47172 — CVSS 8.8 (high): Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized…
CVE-2018-0789 — CVSS 8.8 (high): Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege…
CVE-2018-0790 — CVSS 8.8 (high): Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege…
CVE-2025-47166 — CVSS 8.8 (high): Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-29794 — CVSS 8.8 (high): Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2018-0909 — CVSS 8.8 (high): Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how…
CVE-2018-0910 — CVSS 8.8 (high): Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how…
CVE-2018-0911 — CVSS 8.8 (high): Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how…
CVE-2018-0912 — CVSS 8.8 (high): Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how…
CVE-2018-0913 — CVSS 8.8 (high): Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how…
CVE-2018-0914 — CVSS 8.8 (high): Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how…
CVE-2018-0915 — CVSS 8.8 (high): Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how…
CVE-2018-0916 — CVSS 8.8 (high): Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how…
CVE-2018-0917 — CVSS 8.8 (high): Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are…
CVE-2018-0921 — CVSS 8.8 (high): Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are…
CVE-2018-0923 — CVSS 8.8 (high): Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are…
CVE-2018-0944 — CVSS 8.8 (high): Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how…
CVE-2018-0947 — CVSS 8.8 (high): Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to…
CVE-2018-8300 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-1102 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-0929 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-0931 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-0932 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-1024 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2017-11936 — CVSS 8.8 (high): Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka…
CVE-2017-8512 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office…
CVE-2019-1257 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-1583 — CVSS 8.8 (high): An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who…
CVE-2019-1261 — CVSS 8.8 (high): A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in…
CVE-2019-1295 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka…
CVE-2019-1296 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka…
CVE-2020-1495 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An…
CVE-2020-1448 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-1447 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-1446 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-0850 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-1439 — CVSS 8.8 (high): A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source…
CVE-2025-47163 — CVSS 8.8 (high): Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2020-1295 — CVSS 8.8 (high): An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
CVE-2020-0920 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-1181 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net…
CVE-2020-1178 — CVSS 8.8 (high): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted…
CVE-2020-1069 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net…
CVE-2017-11876 — CVSS 8.8 (high): Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that…
CVE-2018-8635 — CVSS 8.8 (high): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted…
CVE-2019-0594 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2019-0668 — CVSS 8.8 (high): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2019-0952 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net…
CVE-2019-0957 — CVSS 8.8 (high): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2020-16945 — CVSS 8.7 (high): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-16946 — CVSS 8.7 (high): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-16944 — CVSS 8.7 (high): <p>This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint…
CVE-2020-1200 — CVSS 8.6 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2020-16951 — CVSS 8.6 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2020-16952 — CVSS 8.6 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2020-1452 — CVSS 8.6 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2020-1453 — CVSS 8.6 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2020-1460 — CVSS 8.6 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net…
CVE-2020-1576 — CVSS 8.5 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2025-53733 — CVSS 8.4 (high): Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2018-8284 — CVSS 8.1 (high): A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote…
CVE-2017-8742 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2…
CVE-2018-0797 — CVSS 7.8 (high): Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF…
CVE-2018-0922 — CVSS 7.8 (high): Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office…
CVE-2018-8628 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory…
CVE-2019-1034 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who…
CVE-2019-1201 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who…
CVE-2020-0892 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-0980 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-1218 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker…
CVE-2020-16929 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory…
CVE-2017-0003 — CVSS 7.8 (high): Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka…
CVE-2019-1006 — CVSS 7.5 (high): An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing…
CVE-2020-1345 — CVSS 7.4 (high): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1198 — CVSS 7.4 (high): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2025-29793 — CVSS 7.2 (high): Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-54905 — CVSS 7.1 (high): Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2025-53736 — CVSS 6.8 (medium): Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2019-1443 — CVSS 6.5 (medium): An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint…
CVE-2020-16953 — CVSS 6.5 (medium): <p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker…
CVE-2020-16948 — CVSS 6.5 (medium): <p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker…
CVE-2019-0956 — CVSS 6.5 (medium): An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2019-1330 — CVSS 6.5 (medium): An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'…
CVE-2019-1260 — CVSS 6.5 (medium): An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
CVE-2020-1103 — CVSS 6.5 (medium): An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to…
CVE-2020-1440 — CVSS 6.3 (medium): <p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully…
CVE-2020-1482 — CVSS 6.3 (medium): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2018-0799 — CVSS 6.1 (medium): Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a…
CVE-2020-1106 — CVSS 6.1 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1323 — CVSS 6.1 (medium): An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could…
CVE-2019-0670 — CVSS 6.1 (medium): A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft…
CVE-2019-1446 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel…
CVE-2020-1342 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable…
CVE-2020-1573 — CVSS 5.5 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1445 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office…
CVE-2020-1505 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who…
CVE-2020-1503 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who…
CVE-2020-1224 — CVSS 5.5 (medium): <p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who…
CVE-2020-1104 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1107 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1148 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1177 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-0925 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-0924 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1183 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-0923 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-0894 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1227 — CVSS 5.4 (medium): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-0893 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1297 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1298 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1318 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1320 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-0891 — CVSS 5.4 (medium): This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint…
CVE-2020-1443 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-0795 — CVSS 5.4 (medium): This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint…
CVE-2020-0694 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-0693 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1450 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1451 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1454 — CVSS 5.4 (medium): This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint…
CVE-2020-1456 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1329 — CVSS 5.4 (medium): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2020-1499 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1500 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1501 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1514 — CVSS 5.4 (medium): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1328 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1580 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1203 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1134 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1070 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1036 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1033 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1032 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…