Impact
An attacker who is already authenticated can submit data that is rendered on a page without proper encoding. Based on the description, it is inferred that the attacker must have permissions to submit content, likely editing rights. Because the input is not neutralized, the attacker can insert scripts or misleading markup that causes the page to display spoofed elements. This allows the attacker to visually alter the SharePoint interface, potentially impersonating legitimate content and deceiving users.
Affected Systems
Affected systems include Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and the SharePoint Server Subscription Edition. All current releases of these products remain vulnerable until the appropriate security update is applied.
Risk and Exploitability
The CVSS score of 4.6 classifies this vulnerability as medium severity, and an EPSS probability of 25% indicates that exploitation is reasonably likely under the right conditions. The vulnerability is not listed in the CISA KEV catalog, which suggests no confirmed exploitation yet. Exploitation requires an authenticated user capable of submitting content but does not demand knowledge of privileged operations, meaning an insider or compromised account could trigger the attack. The resulting spoofing can undermine user trust and may facilitate social engineering or further compromise. Overall, the risk is moderate and warrants timely remediation.
OpenCVE Enrichment