CVE-2014-1754

CWE-79 — Cross-site Scripting (XSS)CWE-119 — Buffer Overflow5 documents5 sources

Severity

4.3MEDIUM

EPSS

13.3%

top 5.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office WEB Apps Server Microsoft Sharepoint Foundation Microsoft Sharepoint Server +1 more

Timeline

PublishedMay 14

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDmicrosoft/sharepoint_server2013

▶NVDmicrosoft/sharepoint_foundation2013

▶NVDmicrosoft/office_web_apps_server2013

▶NVDmicrosoft/sharepoint2013

🔴Vulnerability Details

GHSA

GHSA-qpfr-mc5h-6r6v: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Se↗2022-05-14

▶

CVEList

CVE-2014-1754: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Se↗2014-05-14

▶

💥Exploits & PoCs

Exploit-DB

IBM GCM16/32 1.20.0.22575 - Multiple Vulnerabilities↗2014-07-21

▶

📋Vendor Advisories

Red Hat

kernel: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit↗2024-05-17

▶