CVE-2017-0195

EPSS 1.1%
Published 12.04.2017 14:59:01
Last modified 20.04.2025 01:37:25
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Excel Web App Version2010 Updatesp2

Microsoft ≫ Office Online Server

Microsoft ≫ Office Web Apps Version2010 Updatesp2

Microsoft ≫ Office Web Apps Server Version2013 Updatesp1

Microsoft ≫ Sharepoint Server Version2010 Updatesp1

Microsoft ≫ Sharepoint Server Version2010 Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.1%	0.761

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securityfocus.com/bid/97417

Third Party Advisory

VDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-0195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-0195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-0195

EUVD