XSS in Microsoft Office_web_apps_server

CVE-2014-1754

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote at…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.133 (94.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office_web_apps_server — versions 2013
Microsoft Sharepoint_foundation — versions 2013
Microsoft Sharepoint_server — versions 2013
Microsoft Sharepoint_server_client_components_sdk — versions 2013
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

MS14-022 (x_refsource_MS, vendor-advisory)
1030227 (vdb-entry, x_refsource_SECTRACK)
67288 (vdb-entry, x_refsource_BID)