CVE-2026-47636
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk40th percentile - higher than 40% of all known CVEs
Summary
A Cross-Site Scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a web page. This can lead to spoofing attacks and session hijacking.
Risk Assessment
The organization is exposed to phishing attacks and credential theft, potentially resulting in data confidentiality breaches and account takeover.
Recommendation
Apply the security update provided by Microsoft for Microsoft Office SharePoint immediately. Additionally, implement input validation and output encoding mechanisms in web applications.
Original NVD description (English source)
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

