CVE-2014-1754

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server 2013 versions Gold and SP1 Microsoft SharePoint Foundation 2013 versions Gold and SP1 Microsoft Office Web Apps Server 2013 versions Gold and SP1 Microsoft SharePoint Server 2013 Client Components SDK (affected versions not specified)

Description The issue allows remote attackers to inject arbitrary web script or HTML via a crafted request. This can lead to cross-site scripting attacks on affected systems, enabling an attacker to run script in the security context of the logged-on user. The vulnerability exists in Microsoft SharePoint Server and Microsoft Office Web Apps, allowing an attacker to perform elevation of privilege and conduct cross-site scripting attacks.

Recommendations For Microsoft SharePoint Server 2013 versions Gold and SP1, update to a version that includes the fix for this issue. For Microsoft SharePoint Foundation 2013 versions Gold and SP1, update to a version that includes the fix for this issue. For Microsoft Office Web Apps Server 2013 versions Gold and SP1, update to a version that includes the fix for this issue. For Microsoft SharePoint Server 2013 Client Components SDK, at the moment, there is no information about a newer version that contains a fix for this vulnerability.