Cross-Site Scripting Vulnerability in Microsoft SharePoint Server and Related Products
CVE-2014-1754

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sharepoint Foundation; Sharepoint Server; Office Web Apps Server; Sharepoint Server Client Components Sdk
Vendor: CVE Published:; 14 May 2014

Summary

A cross-site scripting (XSS) vulnerability exists in specific versions of Microsoft SharePoint Server and related applications, enabling remote attackers to execute arbitrary web scripts or HTML by submitting a crafted request. This flaw can lead to the unauthorized execution of scripts in the context of users' sessions, potentially compromising sensitive information and allowing further attacks on the system. Proper security measures and updates should be implemented to mitigate the associated risks.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1030227

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/67288

vdb-entryx_refsource_BID

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 14, 2014
Vulnerability Reserved
Jan 29, 2014