CVE-2017-8745 — Cross-site Scripting in Corporation Microsoft Office

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

1.3%

top 20.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office Microsoft Sharepoint Foundation

Timeline

PublishedSep 13

Latest updateMay 17

Description

An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_foundation2013

▶CVEListV5microsoft_corporation/microsoft_officeMicrosoft SharePoint Foundation 2013 Service Pack 1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-fc4c-64hj-vm5r: An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially c↗2022-05-17

▶

CVEList

CVE-2017-8745: An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially c↗2017-09-13

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Elevation of Privilege Vulnerability↗2017-09-12

▶

Apache

Apache tomcat: CVE-2016-8745↗

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - September 2017↗2017-09-12

▶