CVE-2017-0195

medium

Microsoft

CVSS v3 Base Score

5.4

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Score

1.0%

Exploitation probability in 30 days

Top 23% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Confidentiality

Low

Integrity

Low

Availability

None

Published: April 12, 2017 (3319 days ago)

Last Modified: May 13, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."

CWE

CWE-79

Affected Products

microsoft excel web appmicrosoft office online servermicrosoft office web appsmicrosoft office web apps servermicrosoft sharepoint server

References

🔗 www.securityfocus.com 🔗 portal.msrc.microsoft.com 🔗 www.securityfocus.com 🔗 portal.msrc.microsoft.com

CVE-2017-0195

Vulnerability Report

Description

CWE

Affected Products

References