cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-0954,https://securityvulnerability.io/vulnerability/CVE-2020-0954,,"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0973, CVE-2020-0978.",Microsoft,"Microsoft Sharepoint Enterprise Server,Microsoft Sharepoint Server,Microsoft Project Server",5.4,MEDIUM,0.0006799999973736703,false,false,false,false,,false,false,2020-04-15T15:13:01.000Z,0
CVE-2019-1033,https://securityvulnerability.io/vulnerability/CVE-2019-1033,,"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1036.",Microsoft,"Microsoft Project Server,Microsoft Sharepoint Foundation,Microsoft Sharepoint Enterprise Server,Microsoft Sharepoint Server",5.4,MEDIUM,0.0006799999973736703,false,false,false,false,,false,false,2019-06-12T13:49:40.000Z,0
CVE-2019-1036,https://securityvulnerability.io/vulnerability/CVE-2019-1036,,"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1033.",Microsoft,"Microsoft Project Server,Microsoft Sharepoint Foundation,Microsoft Sharepoint Enterprise Server,Microsoft Sharepoint Server",5.4,MEDIUM,0.0006799999973736703,false,false,false,false,,false,false,2019-06-12T13:49:40.000Z,0
CVE-2018-8575,https://securityvulnerability.io/vulnerability/CVE-2018-8575,,"A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka ""Microsoft Project Remote Code Execution Vulnerability."" This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.",Microsoft,"Microsoft Project,Office,Microsoft Project Server",7.8,HIGH,0.8542199730873108,false,false,false,false,,false,false,2018-11-14T01:00:00.000Z,0
CVE-2018-8254,https://securityvulnerability.io/vulnerability/CVE-2018-8254,,"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.",Microsoft,"Microsoft Project Server,Microsoft Sharepoint",5.4,MEDIUM,0.01295000035315752,false,false,false,false,,false,false,2018-06-14T12:00:00.000Z,0
CVE-2018-8156,https://securityvulnerability.io/vulnerability/CVE-2018-8156,,"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168.",Microsoft,"Microsoft Sharepoint,Microsoft Project Server",5.4,MEDIUM,0.01295000035315752,false,false,false,false,,false,false,2018-05-09T19:00:00.000Z,0
CVE-2015-2503,https://securityvulnerability.io/vulnerability/CVE-2015-2503,,"Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka ""Microsoft Office Elevation of Privilege Vulnerability.""",Microsoft,"Word,Onenote,Publisher,Powerpoint,Project Server,Infopath,Access,Excel,Project,Visio,Lync,Skype For Business,Pinyin Ime,Office 2007 Ime",,,0.006819999776780605,false,false,false,false,,false,false,2015-11-11T11:00:00.000Z,0
CVE-2015-1640,https://securityvulnerability.io/vulnerability/CVE-2015-1640,,"Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka ""Microsoft SharePoint XSS Vulnerability.""",Microsoft,Project Server,,,0.546999990940094,false,false,false,false,,false,false,2015-04-14T20:00:00.000Z,0
CVE-2014-0251,https://securityvulnerability.io/vulnerability/CVE-2014-0251,,"Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka ""SharePoint Page Content Vulnerability.""",Microsoft,"Project Server,Sharepoint Foundation,Web Applications,Sharepoint Server,Sharepoint Designer,Office Web Apps Server,Sharepoint Services,Sharepoint Server Client Components Sdk",,,0.017109999433159828,false,false,false,false,,false,false,2014-05-14T10:00:00.000Z,0
CVE-2009-0102,https://securityvulnerability.io/vulnerability/CVE-2009-0102,,"Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka ""Project Memory Validation Vulnerability.""",Microsoft,"Office Project,Project Server,Project Portfolio Server",,,0.8968499898910522,false,false,false,false,,false,false,2009-12-09T18:00:00.000Z,0
CVE-2006-6617,https://securityvulnerability.io/vulnerability/CVE-2006-6617,,"projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.",Microsoft,Project Server,,,0.020080000162124634,false,false,false,false,,false,false,2006-12-18T11:00:00.000Z,0