CVE-2015-6039

Published: Oct 14, 2015Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security Feature Bypass Vulnerability."

Affected (2)

Products: Microsoft: Sharepoint Foundation, Sharepoint Server

2 products

Sharepoint Foundation

Sharepoint Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Foundation	Version 2013 sp1
Microsoft Sharepoint Server	Version 2013 sp1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.securitytracker.com/id/1033804

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110

Source: secure@microsoft.com

http://www.securitytracker.com/id/1033804

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.