The vulnerability results from improper neutralization of input during web page generation in Microsoft SharePoint. The weakness is identified as CWE‑79, a Cross‑Site Scripting flaw. The description indicates that an attacker who can authorize privileged actions to add or modify page content can inject malicious scripts that run in the context of legitimate users. Based on the description, it is inferred that the attacker must have authorized access to modify page content to perform the injection. The injected code can make users believe they are interacting with trusted SharePoint content while the attacker controls the malicious behavior, enabling spoofing over the network.

Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition are affected. The advisory does not list specific patch versions, so any installation prior to the security update is vulnerable.

The CVSS score of 5.4 indicates moderate severity, and no EPSS or KEV listing is available, suggesting limited evidence of public exploitation. Based on the description, it is inferred that the attack requires an authorized user who can modify page content, implying that privilege escalation or lateral movement within the network may be necessary. The likely attack vector is through authorized content management within the SharePoint environment. Once exploited, arbitrary client‑side code executes as if it came from the legitimate server, allowing social‑engineering or false‑information attacks within the user base.