CVE-2015-6037
Last modified
CVE-2015-6037 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka "Microsoft Office Web Apps XSS Spoofing Vulnerability.". EPSS estimates a 9.88% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka "Microsoft Office Web Apps XSS Spoofing Vulnerability."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Excel Web App | 2010 | Sp2 |
| Microsoft | Office Web Apps | 2010 | Sp2 |
| Microsoft | Office Web Apps | 2013 | Sp1 |
| Microsoft | Sharepoint Foundation | 2013 | Sp1 |
| Microsoft | Sharepoint Server | 2010 | Sp2 |
| Microsoft | Sharepoint Server | 2013 | Sp1 |
References
- http://www.securitytracker.com/id/1033803Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033804Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033803Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033804Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-6037?
How severe is CVE-2015-6037?
How do I fix CVE-2015-6037?
Are you affected by CVE-2015-6037?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST