CVE Catalog

CVE-2026-47639

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.51%

40th percentile - higher than 40% of all known CVEs

Summary

A Cross-Site Scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into generated web pages. The attack can lead to user impersonation or session theft.

Risk Assessment

The risk involves potential phishing attacks or credential theft within the organization's network, compromising data confidentiality and integrity.

Recommendation

Immediately apply the security update provided by Microsoft for Microsoft Office SharePoint. Also review and strengthen input validation policies in web applications.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS