CVE-2017-0195

Name of the Vulnerable Software and Affected Versions Microsoft Excel Services on Microsoft SharePoint Server 2010 versions SP1 through SP2 Microsoft Excel Web Apps 2010 version SP2 Microsoft Office Web Apps 2010 version SP2 Microsoft Office Web Apps Server 2013 version SP1 Office Online Server (affected versions not specified)

Description The issue allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request.

Recommendations For Microsoft Excel Services on Microsoft SharePoint Server 2010 versions SP1 through SP2, update to a version that includes the fix for this issue. For Microsoft Excel Web Apps 2010 version SP2, update to a version that includes the fix for this issue. For Microsoft Office Web Apps 2010 version SP2, update to a version that includes the fix for this issue. For Microsoft Office Web Apps Server 2013 version SP1, update to a version that includes the fix for this issue. For Office Online Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.