Microsoft Sharepoint Foundation — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Sharepoint Foundation, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2013-1330 — CVSS 10.0 (critical): The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web…
CVE-2020-1210 — CVSS 9.9 (critical): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2020-1595 — CVSS 9.9 (critical): <p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An…
CVE-2020-1025 — CVSS 9.8 (critical): An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token…
CVE-2015-0085 — CVSS 9.3 (critical): Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010…
CVE-2013-3847 — CVSS 9.3 (critical): Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007…
CVE-2013-1315 — CVSS 9.3 (critical): Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013…
CVE-2014-2816 — CVSS 9.3 (critical): Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain…
CVE-2014-0251 — CVSS 9.0 (critical): Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation…
CVE-2020-0931 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-0932 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2019-1296 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka…
CVE-2020-1181 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net…
CVE-2019-1295 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka…
CVE-2019-1261 — CVSS 8.8 (high): A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in…
CVE-2019-1259 — CVSS 8.8 (high): A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in…
CVE-2019-1257 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-1439 — CVSS 8.8 (high): A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source…
CVE-2020-0971 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-1069 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net…
CVE-2020-1023 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2019-0958 — CVSS 8.8 (high): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2019-0952 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net…
CVE-2020-0929 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-0850 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2018-0790 — CVSS 8.8 (high): Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege…
CVE-2020-0920 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-1024 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2019-0594 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application…
CVE-2020-16946 — CVSS 8.7 (high): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-16944 — CVSS 8.7 (high): <p>This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint…
CVE-2020-16945 — CVSS 8.7 (high): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1460 — CVSS 8.6 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net…
CVE-2020-1452 — CVSS 8.6 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2020-1453 — CVSS 8.6 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2020-16951 — CVSS 8.6 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2020-16952 — CVSS 8.6 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2020-1200 — CVSS 8.6 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2020-1576 — CVSS 8.5 (high): <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an…
CVE-2018-8284 — CVSS 8.1 (high): A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote…
CVE-2016-3357 — CVSS 7.8 (high): Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word…
CVE-2017-0281 — CVSS 7.8 (high): Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web…
CVE-2013-0085 — CVSS 7.8 (high): Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of…
CVE-2020-0892 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2016-0054 — CVSS 7.8 (high): Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office…
CVE-2016-0136 — CVSS 7.8 (high): Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services…
CVE-2013-0084 — CVSS 7.5 (high): Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to…
CVE-2013-0080 — CVSS 7.5 (high): Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for…
CVE-2019-1006 — CVSS 7.5 (high): An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing…
CVE-2020-1345 — CVSS 7.4 (high): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1198 — CVSS 7.4 (high): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1330 — CVSS 6.5 (medium): An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'…
CVE-2019-1260 — CVSS 6.5 (medium): An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
CVE-2019-0956 — CVSS 6.5 (medium): An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2020-1103 — CVSS 6.5 (medium): An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to…
CVE-2020-16953 — CVSS 6.5 (medium): <p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker…
CVE-2020-16948 — CVSS 6.5 (medium): <p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker…
CVE-2019-1443 — CVSS 6.5 (medium): An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint…
CVE-2020-1482 — CVSS 6.3 (medium): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-0670 — CVSS 6.1 (medium): A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft…
CVE-2015-6117 — CVSS 6.1 (medium): Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control…
CVE-2020-1106 — CVSS 6.1 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2016-0039 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject…
CVE-2017-0107 — CVSS 6.1 (medium): Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security…
CVE-2015-1700 — CVSS 6.0 (medium): Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow…
CVE-2019-0949 — CVSS 5.7 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2019-0950 — CVSS 5.7 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1573 — CVSS 5.5 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1505 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who…
CVE-2020-1580 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2016-0011 — CVSS 5.4 (medium): Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control…
CVE-2017-0255 — CVSS 5.4 (medium): Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially…
CVE-2017-8745 — CVSS 5.4 (medium): An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a…
CVE-2018-8155 — CVSS 5.4 (medium): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2018-8252 — CVSS 5.4 (medium): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2018-8254 — CVSS 5.4 (medium): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2018-8299 — CVSS 5.4 (medium): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2018-8568 — CVSS 5.4 (medium): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2018-8572 — CVSS 5.4 (medium): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2019-0778 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-0830 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-0831 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-0951 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2019-0963 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1031 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1033 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1036 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1262 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2019-1328 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2019-1329 — CVSS 5.4 (medium): An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request…
CVE-2020-0795 — CVSS 5.4 (medium): This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint…
CVE-2020-0891 — CVSS 5.4 (medium): This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint…
CVE-2020-0894 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-0923 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-0924 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-0925 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-0933 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-0972 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-0975 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-0976 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-0978 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1100 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1101 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1104 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1107 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1177 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1183 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1227 — CVSS 5.4 (medium): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1289 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1297 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1298 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1318 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1320 — CVSS 5.4 (medium): A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1443 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1499 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1501 — CVSS 5.4 (medium): A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected…
CVE-2020-1514 — CVSS 5.4 (medium): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2020-1575 — CVSS 5.4 (medium): <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web…
CVE-2013-0081 — CVSS 5.0 (medium): Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned…
CVE-2013-0086 — CVSS 5.0 (medium): Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain…
CVE-2020-1205 — CVSS 4.6 (medium): <p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an…
CVE-2019-1202 — CVSS 4.4 (medium): An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who…
CVE-2011-0653 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows…
CVE-2010-3324 — CVSS 4.3 (medium): The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2…
CVE-2020-1444 — CVSS 4.3 (medium): A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka…
CVE-2012-2520 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010…
CVE-2012-1863 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and…