4.6

CVE-2026-45483

Medienbericht

Microsoft Office Project Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerMicrosoft
Produkt Microsoft SharePoint Enterprise Server 2016
Version 16.0.0
Version < 16.0.5556.1005
Status affected
HerstellerMicrosoft
Produkt Microsoft SharePoint Server 2019
Version 16.0.0
Version < 16.0.10417.20153
Status affected
HerstellerMicrosoft
Produkt Microsoft SharePoint Server Subscription Edition
Version 16.0.0
Version < 16.0.19725.20384
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.391
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 4.6 2.1 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
10.06.2026 18:13
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.06.2026 20:12
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45483