CVE Catalog

CVE-2026-45453

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.51%

40th percentile - higher than 40% of all known CVEs

Summary

A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to inject malicious script into a generated web page. The attack can lead to spoofing or session hijacking.

Risk Assessment

The organization is at risk of phishing attacks and credential theft, potentially resulting in information disclosure and account takeover.

Recommendation

Apply the security update provided by Microsoft for Microsoft Office SharePoint immediately. Additionally, implement a Content Security Policy (CSP) and train users to recognize XSS attacks.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS