CVE-2014-1754

medium Microsoft
CVSS v3 Base Score
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Score
13.3%
Exploitation probability in 30 days
Top 6% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None
Published: May 14, 2014 (4384 days ago)
Last Modified: May 6, 2026
Vendor: Microsoft
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."

CWE

CWE-79

Affected Products

microsoft office web apps servermicrosoft sharepoint foundationmicrosoft sharepoint servermicrosoft sharepoint server client components sdk

References

🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 docs.microsoft.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com