CVE-2026-45481 HIGH

CVE-2026-45481: Microsoft SharePoint Server Spoofing Vulnerability

Vendor Microsoft
Product Microsoft SharePoint Enterprise Server 2016
Weakness CWE-79 · XSS
Published June 9, 2026
Last update June 15, 2026
View on NVD All CVEs

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Key dates

02Disclosure timeline

June 9, 2026 CVE published
June 15, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-43148 WordPress StreamCast <= 2.2.3 - Stored Cross Site Scripting (XSS) vulnerability CVE-2025-9367 Welcart e-Commerce <= 2.11.20 - Authenticated (Editor+) Stored Cross-Site Scripting CVE-2023-48501 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-33997 moodle: stored XSS risk when editing another user's equation in equation editor CVE-2023-49768 WordPress WP-FormAssembly plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability