CVE Catalog

CVE-2026-45483

MediumCVSS 4.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile - higher than 19% of all known CVEs

Summary

Microsoft Office Project Server has improper neutralization of input during web page generation, leading to cross-site scripting (XSS) vulnerabilities. This allows an authorized attacker to perform spoofing over a network.

Risk Assessment

This vulnerability could lead to session hijacking or data theft, posing a significant security risk to the organization.

Recommendation

It is recommended to update Microsoft Office Project Server to the latest version and implement appropriate input sanitization filters.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS