2 matches found
CVE-2018-8378
CVE-2018-8378 describes an information disclosure in Microsoft Office when Office reads out-of-bounds memory due to an uninitialized variable, potentially exposing memory contents. Affected components include Word, SharePoint Server, Word/Excel Viewers, and related Office products. Connected Open...
CVE-2018-8426
CVE-2018-8426 describes a cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server. The issue arises when a specially crafted web request to SharePoint servers is not properly sanitized, allowing an authenticated attacker to run scripts in the current user’s browser context ...