Office Web Security Vulnerabilities

CVE-2024-4196

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

CVE-2024-4706

The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pintra' shortcode in all versions up to, and including, 27.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2024-23941

Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the...

CVE-2023-23396

Microsoft Excel Denial of Service...

CVE-2023-23399

Microsoft Excel Remote Code Execution...

CVE-2023-21716

Microsoft Word Remote Code Execution...

CVE-2022-42786

Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration...

CVE-2022-41103

Microsoft Word Information Disclosure...

CVE-2022-41106

Microsoft Excel Remote Code Execution...

CVE-2022-41060

Microsoft Word Information Disclosure...

CVE-2022-41063

Microsoft Excel Remote Code Execution...

CVE-2022-41061

Microsoft Word Remote Code Execution...

CVE-2005-1676

Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded...

CVE-2018-6390

The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b)...

CVE-2011-1334

Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files...

CVE-2011-1335

Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list...

CVE-2011-1333

Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board...

CVE-2013-4703

Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2013-5744

Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX...

CVE-2022-30173

Microsoft Excel Remote Code Execution...

CVE-2022-30172

Microsoft Office Information Disclosure...

CVE-2022-30159

Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171,...

CVE-2022-30171

Microsoft Office Information Disclosure...

CVE-2022-29110

Microsoft Excel Remote Code Execution...

CVE-2022-26901

Microsoft Excel Remote Code Execution...

CVE-2022-22716

Microsoft Excel Information Disclosure...

CVE-2022-21840

Microsoft Office Remote Code Execution...

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue...

CVE-2021-43256

Microsoft Excel Remote Code Execution...

CVE-2021-40442

Microsoft Excel Remote Code Execution...

CVE-2021-40486

Microsoft Word Remote Code Execution...

CVE-2021-40472

Microsoft Excel Information Disclosure...

CVE-2021-40474

Microsoft Excel Remote Code Execution...

CVE-2021-38655

Microsoft Excel Remote Code Execution...

CVE-2021-34518

Microsoft Excel Remote Code Execution...

CVE-2021-31939

Microsoft Excel Remote Code Execution...

CVE-2021-31175

Microsoft Office Remote Code Execution...

CVE-2021-31178

Microsoft Office Information Disclosure...

CVE-2021-31176

Microsoft Office Remote Code Execution...

CVE-2021-31177

Microsoft Office Remote Code Execution...

CVE-2021-31179

Microsoft Office Remote Code Execution...

CVE-2021-31174

Microsoft Excel Information Disclosure...

CVE-2021-28456

Microsoft Excel Information Disclosure...

CVE-2021-28451

Microsoft Excel Remote Code Execution...

CVE-2021-28453

Microsoft Word Remote Code Execution...

CVE-2021-28454

Microsoft Excel Remote Code Execution...

CVE-2021-27053

Microsoft Excel Remote Code Execution...

CVE-2021-27054

Microsoft Excel Remote Code Execution...

CVE-2021-27057

Microsoft Office Remote Code Execution...

CVE-2021-24069

Microsoft Excel Remote Code Execution...