CVE-2020-1442

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.6%

top 30.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Office Online Server Microsoft Microsoft Office WEB Apps Microsoft Office WEB Apps

Timeline

PublishedJul 14

Latest updateMay 24

Description

A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDmicrosoft/office_web_apps2013

▶CVEListV5microsoft/microsoft_office_web_apps2013 Service Pack 1

▶CVEListV5microsoft/microsoft_office_online_serverunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-6c2p-9hhc-8hc8: A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulner↗2022-05-24

▶

CVEList

CVE-2020-1442: A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulner↗2020-07-14

▶

📋Vendor Advisories

Microsoft

Office Web Apps XSS Vulnerability↗2020-07-14

▶