VDB
GCVE-110-NCSC-2026-182
GCVE-110-NCSC-2026-182
Advisory PublishedCVSS 5.4/10
Microsoft Office SharePoint contains a cross-site scripting vulnerability due to improper input neutralization during web page generation, enabling authorized attackers to perform network-based spoofing.
Weaknesses (CWE)
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-190Integer Overflow or WraparoundCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-122Heap-based Buffer OverflowCWE-125Out-of-bounds ReadCWE-197Numeric Truncation ErrorCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-416Use After FreeCWE-126Buffer Over-readCWE-121Stack-based Buffer OverflowCWE-822Untrusted Pointer DereferenceCWE-502Deserialization of Untrusted Data
Risk Scores
CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Microsoft | vers:unknown/* | — | — |
Aliases
CVE-2026-33113CVE-2026-42835CVE-2026-44803CVE-2026-44812CVE-2026-44817CVE-2026-44818CVE-2026-44819CVE-2026-44820CVE-2026-44821CVE-2026-44822CVE-2026-44823CVE-2026-44824CVE-2026-45453CVE-2026-45454CVE-2026-45455CVE-2026-45456CVE-2026-45457CVE-2026-45458CVE-2026-45459CVE-2026-45460CVE-2026-45461CVE-2026-45462CVE-2026-45463CVE-2026-45464CVE-2026-45465CVE-2026-45466CVE-2026-45467CVE-2026-45468CVE-2026-45469CVE-2026-45471CVE-2026-45472CVE-2026-45474CVE-2026-45475CVE-2026-45479CVE-2026-45481CVE-2026-45483CVE-2026-45484CVE-2026-45485CVE-2026-45486CVE-2026-45643CVE-2026-45645CVE-2026-45649CVE-2026-47293CVE-2026-47298CVE-2026-47634CVE-2026-47635CVE-2026-47636CVE-2026-47637CVE-2026-47638CVE-2026-47639CVE-2026-47640CVE-2026-47641CVE-2026-48560CVE-2026-48562
References
Browse GCVE Records
72,409 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.