CVE-2014-1754
Summary
| CVE | CVE-2014-1754 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-05-14 11:13:00 UTC |
| Updated | 2018-10-12 22:05:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability." |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Office Web Apps Server | 2013 | All | All | All |
| Application | Microsoft | Office Web Apps Server | 2013 | sp1 | All | All |
| Application | Microsoft | Office Web Apps Server | 2013 | All | All | All |
| Application | Microsoft | Office Web Apps Server | 2013 | sp1 | All | All |
| Application | Microsoft | Sharepoint Foundation | 2013 | All | All | All |
| Application | Microsoft | Sharepoint Foundation | 2013 | sp1 | All | All |
| Application | Microsoft | Sharepoint Foundation | 2013 | All | All | All |
| Application | Microsoft | Sharepoint Foundation | 2013 | sp1 | All | All |
| Application | Microsoft | Sharepoint Server | 2013 | All | All | All |
| Application | Microsoft | Sharepoint Server | 2013 | sp1 | All | All |
| Application | Microsoft | Sharepoint Server | 2013 | All | All | All |
| Application | Microsoft | Sharepoint Server | 2013 | sp1 | All | All |
| Application | Microsoft | Sharepoint Server Client Components Sdk | 2013 | All | All | All |
| Application | Microsoft | Sharepoint Server Client Components Sdk | 2013 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Microsoft Security Bulletin MS14-022 - Critical | Microsoft Docs | MS | docs.microsoft.com | |
| Microsoft SharePoint CVE-2014-1754 Cross Site Scripting Vulnerability | BID | www.securityfocus.com | |
| Microsoft SharePoint Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Remote Authenticated Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.