CVE-2017-0255 — Cross-site Scripting in Corporation Microsoft Office

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

1.2%

top 21.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office Microsoft Sharepoint Foundation

Timeline

PublishedMay 12

Latest updateMar 22

Description

Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_foundation2013

▶CVEListV5microsoft_corporation/microsoft_officeMicrosoft SharePoint Foundation 2013 SP1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-9r5f-fvq3-4j7x: Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web req↗2022-05-17

▶

CVEList

CVE-2017-0255: Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web req↗2017-05-12

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Elevation of Privilege Vulnerability↗2017-05-09

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - May 2017↗2017-05-10

▶

💬Community

HackerOne

Reflective Cross Site Scripting (XSS) on ███████/Pages↗2024-03-22

▶