CVE Catalog

CVE-2026-45464

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.51%

40th percentile - higher than 40% of all known CVEs

Summary

A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. The flaw is due to improper neutralization of input during web page generation.

Risk Assessment

An attacker can inject malicious script executed in the victim's browser, potentially leading to session theft, data exfiltration, or dissemination of false information within the organization.

Recommendation

Apply the security update provided by Microsoft for Microsoft Office SharePoint immediately. Additionally, implement input filtering and output encoding mechanisms in web applications.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS