Description

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.

Remediation

References

CVE-2020-1439

Related Vulnerabilities

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-0933)

WordPress Plugin Easy Media Download Cross-Site Scripting (1.1.4)

Oracle Application Server CVE-2009-1011 Vulnerability (CVE-2009-1011)

WordPress Plugin User Role by BestWebSoft Cross-Site Scripting (1.4.1)

WordPress Plugin WooCommerce Cross-Site Scripting (3.5.0)

Severity

High

Classification

CVE-2020-1439 CWE-502 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities