VDB

GCVE-110-NCSC-2026-182

GCVE-110-NCSC-2026-182
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published June 9, 2026
Microsoft Office SharePoint contains a cross-site scripting vulnerability due to improper input neutralization during web page generation, enabling authorized attackers to perform network-based spoofing.

Weaknesses (CWE)

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-190Integer Overflow or WraparoundCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-122Heap-based Buffer OverflowCWE-125Out-of-bounds ReadCWE-197Numeric Truncation ErrorCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-416Use After FreeCWE-126Buffer Over-readCWE-121Stack-based Buffer OverflowCWE-822Untrusted Pointer DereferenceCWE-502Deserialization of Untrusted Data

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›