Office Online Server Security Vulnerabilities - CVSS Score 5 - 6
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user ...
5.4CVSS
5.2AI Score
0.001EPSS
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2...
5.4CVSS
6.2AI Score
0.293EPSS
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447.
5.4CVSS
5.5AI Score
0.002EPSS
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
5.5CVSS
5.6AI Score
0.003EPSS
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445.
5.4CVSS
5.5AI Score
0.002EPSS
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.
5.4CVSS
6AI Score
0.002EPSS
A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'.
5.4CVSS
6AI Score
0.002EPSS
<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p><p>To exploit the vulnerability, an attacker could craft a spec...
5.5CVSS
5.8AI Score
0.008EPSS
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.
5.5CVSS
6AI Score
0.007EPSS
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.
5.5CVSS
6.1AI Score
0.007EPSS
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...
5.5CVSS
5.5AI Score
0.01EPSS
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...
5.5CVSS
5.5AI Score
0.01EPSS
5.5CVSS
5.9AI Score
0.0004EPSS
5.5CVSS
5.8AI Score
0.016EPSS
5.5CVSS
6AI Score
0.0004EPSS
5.5CVSS
6AI Score
0.004EPSS
5.3CVSS
6.1AI Score
0.002EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
5.5CVSS
5.3AI Score
0.001EPSS
5.5CVSS
5.4AI Score
0.001EPSS
5.5CVSS
6.3AI Score
0.001EPSS
5.5CVSS
6.3AI Score
0.001EPSS
5.5CVSS
5AI Score
0.01EPSS
5.5CVSS
5AI Score
0.01EPSS
5.5CVSS
5.3AI Score
0.001EPSS