CVE-2026-55030 in SharePoint Serverinfo

Summary

by MITRE • 07/14/2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/14/2026

Cross-site scripting vulnerabilities in Microsoft Office SharePoint represent a critical security weakness that enables authenticated attackers to manipulate web page content and deceive users through network-based exploitation. This vulnerability falls under the CWE-79 category of Cross-Site Scripting, where insufficient input validation and output sanitization allow malicious code execution within the context of trusted user sessions. The flaw specifically manifests during the web page generation process when SharePoint fails to properly neutralize or escape user-supplied data before rendering it in HTML output, creating opportunities for attackers to inject malicious scripts that execute in the victim's browser.

The operational impact of this vulnerability extends beyond simple data theft or session hijacking, as it enables sophisticated spoofing attacks that can compromise user trust and system integrity. An attacker with valid credentials can leverage this weakness to create deceptive web pages that appear legitimate to users, potentially facilitating phishing campaigns or social engineering attacks. The attack vector operates through network-based exploitation where the malicious input is processed by SharePoint's rendering engine without adequate sanitization, allowing scripts to execute in the context of other users' sessions. This creates a pathway for attackers to manipulate content displayed to authenticated users, potentially redirecting them to malicious sites or stealing sensitive information through session cookies and other browser-based credentials.

Microsoft Office SharePoint serves as a collaborative platform where users frequently interact with web content, making this vulnerability particularly dangerous in enterprise environments where multiple users access shared resources. The exploitation process typically involves crafting malicious input that bypasses SharePoint's validation mechanisms, then submitting it through various interfaces such as list items, discussion boards, or document properties. When other users view the compromised content, their browsers execute the injected scripts, which can range from simple redirections to complex malware delivery mechanisms. This vulnerability directly aligns with ATT&CK technique T1059.003 for command and scripting interpreter, specifically web shell execution, and T1566 for credential harvesting through social engineering.

The remediation approach requires comprehensive input validation and output encoding mechanisms throughout SharePoint's content processing pipeline. Organizations should implement strict sanitization of all user inputs, particularly those that appear in rendered web content, utilizing proper HTML escaping and context-appropriate encoding techniques. Microsoft recommends applying security patches promptly and implementing additional mitigations such as Content Security Policy headers to limit script execution capabilities. The vulnerability also underscores the importance of principle of least privilege implementation where users have minimal necessary permissions, reducing the potential impact of successful exploitation. Regular security assessments and web application firewalls can provide additional layers of protection against such attacks, while user education about recognizing spoofed content remains essential for comprehensive defense.

Responsible

Microsoft

Reservation

06/16/2026

Disclosure

07/14/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!