CVE-2013-3895 — Microsoft Office WEB Apps vulnerability

CWE-2644 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

32.2%

top 3.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office WEB Apps Microsoft Sharepoint Server

Timeline

PublishedOct 9

Latest updateMay 14

Description

Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_server2007, 2010, 2013+2

▶NVDmicrosoft/office_web_apps2010

🔴Vulnerability Details

GHSA

GHSA-wcw7-2xp7-h88h: Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Paramet↗2022-05-14

▶

CVEList

CVE-2013-3895: Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Paramet↗2013-10-09

▶

💬Community

Bugzilla

CVE-2012-6612 CVE-2013-6407 Apache Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler↗2013-11-29

▶