Required CVE Record Information
Description
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
Product Status
Learn moreVersions 1 Total
Default Status: unknown
affected
Versions 1 Total
Default Status: unknown
affected
Versions 1 Total
Default Status: unknown
affected
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.