Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Remediation

References

CVE-2025-64672

Related Vulnerabilities

WordPress Plugin WP Scrippets Cross-Site Scripting (1.5.1)

WordPress Plugin WP Intercom-Slack for WordPress Information Disclosure (1.2.1)

WordPress Plugin Visual Composer:Page Builder for WordPress Multiple Cross-Site Scripting Vulnerabilities (4.7.3)

WordPress Plugin Easy Testimonials Cross-Site Scripting (3.0.4)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17308)

Severity

Critical

Classification

CVE-2025-64672 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities