XSS in Microsoft Excel_web_app

CVE-2015-6037

Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows r…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.102 (93.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Excel_web_app — versions 2010
Microsoft Office_web_apps — versions 2010, 2013
Microsoft Sharepoint_foundation — versions 2013
Microsoft Sharepoint_server — versions 2010, 2013
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

MS15-110 (x_refsource_MS, vendor-advisory)
1033804 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
1033803 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)