CVE-2015-6039 — LOW (3.5) — White Hats Nepal

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security Feature Bypass Vulnerability."

CVSS Score

3.5

LOW

AV:N/AC:M/Au:S/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Microsoft	Sharepoint Foundation	2013
Microsoft	Sharepoint Server	2013

Related Weaknesses (CWE)

CWE-79

References

http://www.securitytracker.com/id/1033804Third Party AdvisoryVDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-11
http://www.securitytracker.com/id/1033804Third Party AdvisoryVDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-11

FAQ

What is CVE-2015-6039?

CVE-2015-6039 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted...

How severe is CVE-2015-6039?

CVE-2015-6039 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-6039?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sharepoint Foundation, Microsoft Sharepoint Server.