CVE-2017-8654 — Cross-site Scripting in Corporation Microsoft Office

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

1.1%

top 22.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office Microsoft Sharepoint Server

Timeline

PublishedAug 8

Latest updateMay 17

Description

Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_server2010

▶CVEListV5microsoft_corporation/microsoft_officeMicrosoft SharePoint Server 2010 Service Pack 2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-h3v5-q2j6-w52x: Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially craft↗2022-05-17

▶

CVEList

CVE-2017-8654: Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially craft↗2017-08-08

▶

📋Vendor Advisories

Microsoft

Microsoft Office SharePoint XSS Vulnerability↗2017-08-08

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - August 2017↗2017-08-08

▶

Talos

Microsoft Patch Tuesday - August 2017↗2017-08-08

▶