CVE-2018-8247Cross-site Scripting in Microsoft Office

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
CNA7.8
EPSS
2.5%
top 14.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft OfficeMicrosoft Office Online ServerMicrosoft Office Online Server+1 more
Timeline
PublishedJun 14
Latest updateMay 13

Description

An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages4 packages

CVEListV5microsoft/microsoft_officeWeb Apps Server 2013 Service Pack 1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-9635-5wrr-hhvf: An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Mi2022-05-13
CVEList
CVE-2018-8247: An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Mi2018-06-14

📋Vendor Advisories

1
Microsoft
Microsoft Office Elevation of Privilege Vulnerability2018-06-12
CVE-2018-8247 — Cross-site Scripting in Microsoft | cvebase