Description
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.
Published: 2026-06-09
Score: 4.6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of input during web page generation that results in cross‑site scripting, allowing an authorized attacker to forge or alter displayed content and mislead users.

Affected Systems

Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition are impacted.

Risk and Exploitability

The CVSS score of 4.6 indicates a moderate severity, and the EPSS score is not available; the vulnerability is not listed in the CISA KEV catalog. An attacker with appropriate authorization can craft input that the Project Server processes and renders, leading to spoofing without requiring additional privileges.

Generated by OpenCVE AI on June 9, 2026 at 19:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update listed on the MSRC page for the affected SharePoint Server versions.
  • Limit or block the submission of untrusted input to Project Server pages until the update is applied.
  • Enforce strict server‑side input validation and consider additional content‑security‑policy headers to mitigate XSS.


Advisories

No advisories yet.

History

Tue, 09 Jun 2026 17:15:00 +0000

Type | Values Removed | Values Added
Description | | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.
Title | | Microsoft Office Project Server Spoofing Vulnerability
First Time appeared | | Microsoft; Microsoft sharepoint Server; Microsoft sharepoint Server 2016; Microsoft sharepoint Server 2019
Weaknesses | | CWE-79
CPEs | | cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*; cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*; cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft sharepoint Server; Microsoft sharepoint Server 2016; Microsoft sharepoint Server 2019
References | |
Metrics | | cvssV3_1: {'score': 4.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:49:42.988Z

Reserved: 2026-05-12T16:07:22.617Z

Link: CVE-2026-45483

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:22.727

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-45483

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T19:30:12Z

Weaknesses