XSS in Microsoft Excel_web_app
CVE-2017-0195
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.010 (76.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Microsoft Excel_web_app — versions 2010
- Microsoft Office_online_server
- Microsoft Office_web_apps — versions 2010
- Microsoft Office_web_apps_server — versions 2013
- Microsoft Sharepoint_server — versions 2010
- Microsoft Corporation Office — versions Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1, and Office Online Server
Weakness classification (CWE)
References
- secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
Frequently asked questions
- What is CVE-2017-0195?
- CVE-2017-0195 is a medium-severity vulnerability in Microsoft Excel_web_app, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2017-04-12.
- How severe is CVE-2017-0195?
- Medium severity. CVSS v3 base score is 5.4 out of 10.