CVE-2013-5059 — Code Injection in Microsoft Office WEB Apps

CWE-94 — Code Injection3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

12.2%

top 6.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office WEB Apps Microsoft Sharepoint Server

Timeline

PublishedDec 11

Latest updateMay 14

Description

Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_server2010, 2013+1

▶NVDmicrosoft/office_web_apps2013

🔴Vulnerability Details

GHSA

GHSA-cpw3-947f-46cc: Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page co↗2022-05-14

▶

CVEList

CVE-2013-5059: Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page co↗2013-12-11

▶