CVE Catalog

CVE-2026-33113

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

41th percentile - higher than 41% of all known CVEs

Summary

A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a web page. The attack can be performed remotely over a network.

Risk Assessment

The organization is exposed to spoofing attacks, which may lead to credential theft or malware distribution among SharePoint users.

Recommendation

Apply the security update provided by Microsoft for Microsoft Office SharePoint immediately. Additionally, implement input filtering and output encoding mechanisms in web applications.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS