Improper neutralization of input during web page generation in Microsoft SharePoint leads to cross‑site scripting that can be leveraged by an authorized user to impersonate the site or another user on the network. The spoofing can trick legitimate users into interacting with content they believe originates from a trusted source, potentially enabling social engineering or credential theft. The vulnerability does not grant arbitrary code execution but allows an attacker to subvert user trust within the affected SharePoint environment.

Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition are affected. No additional version details are specified in the CNA information, indicating that all releases of these products could be vulnerable.

The CVSS score of 5.4 indicates a moderate severity, and the EPSS score is not available, suggesting limited or unknown public exploitation. The vulnerability requires the attacker to be an authorized user with permission to create or modify content that is rendered in a web page. Because the technique relies on XSS within the application, it can be exploited through normal user interfaces and does not require privilege escalation beyond the authorized account. The vulnerability is not listed in CISA’s KEV catalog, so no known active exploitation campaigns are reported. The risk remains moderate but should be mitigated to prevent potential user deception.