5.4
CVE-2017-0195
- EPSS 1.1%
- Published 12.04.2017 14:59:01
- Last modified 20.04.2025 01:37:25
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Excel Web App Version2010 Updatesp2
Microsoft ≫ Office Web Apps Version2010 Updatesp2
Microsoft ≫ Office Web Apps Server Version2013 Updatesp1
Microsoft ≫ Sharepoint Server Version2010 Updatesp1
Microsoft ≫ Sharepoint Server Version2010 Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1.1% | 0.761 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.