Microsoft Office SharePoint Cross-Site Scripting Flaw Allows Network Spoofing

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.6

Microsoft Office SharePoint Cross-Site Scripting Flaw Allows Network Spoofing

CVE-2026-20945

Summary

An attacker can manipulate website content on a SharePoint site, potentially tricking users into doing something they shouldn't. This affects all Microsoft Office SharePoint versions. To fix this, update to the latest SharePoint version or apply a patch if available.

Original title

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Original description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

nvd CVSS3.1 4.6

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20945

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026