Cyber Resilience

CVE-2023-36891

High

Published: 08 August 2023

Published
08 August 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0026 49.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-36891 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.0 (High).

Operationally, ranked at the 49.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Deeper analysis

Microsoft SharePoint Server is affected by CVE-2023-36891, a spoofing vulnerability assigned CWE-79 that carries a CVSS 3.1 base score of 8.0. The flaw permits an attacker to present falsified content or identity information through the server, with the network attack vector, low complexity, and low privileges required indicating that authenticated users can trigger the issue remotely.

An attacker who already possesses low-privileged access can exploit the vulnerability by crafting requests that require user interaction on the target side; successful exploitation can result in high impact to confidentiality, integrity, and availability of SharePoint content and sessions.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36891 describes available security updates and configuration guidance for affected SharePoint Server versions.

EPSS for the CVE rose from a low baseline after disclosure to a peak of 0.0741 on 2025-01-22 before receding to the current value of 0.0026, indicating a period of increased exploitation interest well after the original publication date.

EU & UK References

Vulnerability details

Microsoft SharePoint Server Spoofing Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
sharepoint server
2019, all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-79

Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.

addresses: CWE-79

Validates web inputs to reject script-related content that could produce XSS.

addresses: CWE-79

Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.

References