CVE-2014-1754
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
14/05/2014
Last modified:
12/04/2025
Description
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sharepoint_foundation:2013:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sharepoint_server_client_components_sdk:2013:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/67288
- http://www.securitytracker.com/id/1030227
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022
- http://www.securityfocus.com/bid/67288
- http://www.securitytracker.com/id/1030227
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022